[Dnsmasq-discuss] Segfault with DNSSEC
simon at simongoodall.co.uk
simon at simongoodall.co.uk
Thu Mar 27 22:20:28 UTC 2014
On Thu, Mar 27, 2014 at 10:08:10PM +0000, Simon Kelley wrote:
> On 27/03/14 21:32, simon at simongoodall.co.uk wrote:
> > On Fri, Mar 21, 2014 at 11:16:42AM +0000, Simon Kelley wrote:
> >> On 20/03/14 22:25, simon at simongoodall.co.uk wrote:
> >>> Hi,
> >>>
> >>> I'm getting a segfault running dnsmasq with dnssec enabled.
> >>>
> >>> Logs show the following;
> >>>
> >>> dnsmasq[10172]: query[AAAA] www.ncbi.nlm.nih.gov from 192.168.1.4
> >>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.8
> >>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.8.8.4
> >>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 2001:4860:4860::8888
> >>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 2001:4860:4860::8844
> >>> dnsmasq[10172]: dnssec-query[DNSKEY] ncbi.nlm.nih.gov to 8.8.8.8
> >>> dnsmasq[10172]: query[A] www.ncbi.nlm.nih.gov from 192.168.1.4
> >>> dnsmasq[10172]: forwarded www.ncbi.nlm.nih.gov to 8.Enigmail8.8.8
> >>> dnsmasq[10172]: query[AAAA] www.ncbi.nlm.nih.gov from 192.168.1.4
> >>> dnsmasq[10172]: dnssec retry to 0.0.0.0
> >>>
> >>> and running in gdb yields;
> >>>
> >>> #0 0x00024e44 in forward_query (udpfd=8, udpaddr=0xbefff7c0, dst_addr=0xbefff7ac,
> >>> dst_iface=2, header=0x71de8, plen=45, now=1395350397, forward=0x84430, ad_reqd=0,
> >>> do_bit=0) at forward.c:294
> >>> #1 0x0002790c in receive_query (listen=0x74768, now=1395350397) at forward.c:1280
> >>> #2 0x000313a0 in check_dns_listeners (set=0xbefff8b8, now=1395350397) at dnsmasq.c:1436
> >>> #3 0x0002fc1c in main (argc=4, argv=0xbefffcf4) at dnsmasq.c:951
> >>> (gdb)
> >>>
> >>> (gdb) print forward
> >>> $1 = (struct frec *) 0x84430
> >>> (gdb) print forward->rfd6
> >>> $2 = (struct randfd *) 0x0
> >>> (gdb)
> >>>
> >>> I am running version from git - v2.69test11.9.g0c8584e on an arch linux arm box. I am regularly seeing a segfault when browsing this site, although not for every query.
> >>>
> >>
> >> Many thanks. I've found, I think, the problem and pushed a fix for it to
> >> git.
> >>
> >> http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2b29191e7c6dcfd262997bdaf7bc8c6d539efa87
> >>
> >> Please could you see if that improves things?
> >>Enigmail
> >>
> >> Cheers,> Simon
> >>
> >>
> >> _______________________________________________
> >> Dnsmasq-discuss mailing list
> >> Dnsmasq-discuss at lists.thekelleys.org.uk
> >> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
> > _______________________________________________
> > Dnsmasq-discuss mailing list
> > Dnsmasq-discuss at lists.thekelleys.org.uk
> > http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> >
>
> >>
> >> Simon.
> >
> > Got another segfault today. I didn't get a stacktrace this time, but the retry to now prints an ipv6 address rather than 0.0.0.0.
> > Looking at your change, it doesn't look to me like it stops the null dereference of rfd6 in fd = forward->rfd6->fd.
> >
>
> Bah, you're right. I was seduced by the obvious bug and didn't look
> beyond it. A second fix in the git repo now, which should solve things.
>
> The sequence of events to trigger the bug is
>
> Query sent to mixture of IPv4 and IPv6 upstream servers. First reply
> from a server with different IPv4/IPv6 type than _last_ server query was
> sent to. Extra query needed to get DNSSEC data, and that query times out
> and needs retrying.
>
> Not a frequent set of coincidences, obviously.
>
>
> Cheers,
> Simon.
>
Thanks I'll pull it down and give it a go.
Simon
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list