[Dnsmasq-discuss] [PATCH] auth: Fix segfault when querying ptr locally on ip6.arpa auth-zone
Johnny S. Lee
_ at jsl.io
Mon Apr 13 14:24:28 BST 2015
But if I removed the line
> auth-zone=z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
there would be no SOA and NS records when I run
dig +trace soa z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
On Mon, Apr 13, 2015 at 4:41 AM, Simon Kelley <simon at thekelleys.org.uk> wrote:
>
> On 10/04/15 23:51, Johnny S. Lee wrote:
>> Just a quick fix on obvious calls with NULL pointer. Not sure if
>> I'm doing it correctly. At least it won't crash anymore with my
>> config:
>>
>> auth-server=my.domain.tld,ethN
>> auth-zone=my.domain.tld,a.b.c.d/32,w:x:y:z::/64
>> auth-zone=z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> This line is superfluous, and the direct cause of the problem you're
> seeing, the w:x:y:z::/64 in the line above automatically makes
>
> z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
>
> an authoritative zone, there's no need to declare it as such.
>
> The crash is real, and needs to be fixed: the code fails to account
> for someone configuring it like you did, because it's not how it
> was intended to be configured, I guess. I've applied the patch, or
> something like it. In the meantime, just deleting that line will make
> dnsmasq, as released, not crash.
>
>
> Thanks for the bug report.
>
>
> Cheers,
>
> Simon.
>
>
>
>>
>> Debug against ad4a8ff7d9097008d7623df8543df435bfddeac8, when
>> running the following on a machine in local network:
>>
>> dig ptr 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.z.0.0.0.y.0.0.0.x.0.0.0.w.0.0.0.ip6.arpa
>>
>> (note: I have a host record of that address in a hosts file)
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> in_zone (zone=0x0, name=0x456008 "my.domain.tld", cut=0x0) at auth.c:60
>> 60 size_t domainlen = strlen(zone->domain); in auth.c
>> (gdb) backtrace
>> #0 in_zone (zone=0x0, name=0x456008 "my.domain.tld", cut=0x0) at auth.c:60
>> #1 0x00438784 in answer_auth (header=0x459000, limit=0x45a000 "", qlen=90, now=1428682071, peer_addr=0x7fff6840, local_query=1) at auth.c:220
>> #2 0x00417778 in receive_query (listen=0x458878, now=1428682071) at forward.c:1339
>> #3 0x0041bf38 in check_dns_listeners (set=0x7fff69fc, now=1428682071) at dnsmasq.c:1547
>> #4 0x0041f240 in main (argc=<optimized out>, argv=<optimized out>) at dnsmasq.c:1031
>> ---
>> src/auth.c | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/auth.c b/src/auth.c index 15721e5..ccfdc19 100644
>> --- a/src/auth.c +++ b/src/auth.c @@ -186,7 +186,7 @@ size_t
>> answer_auth(struct dns_header *header, char *limit, size_t qlen,
>> time_t n
>>
>> if (intr) { - if (in_zone(zone, intr->name, NULL)) +
>> if (local_query || in_zone(zone, intr->name, NULL)) { found = 1;
>> log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL); @@
>> -209,6 +209,7 @@ size_t answer_auth(struct dns_header *header,
>> char *limit, size_t qlen, time_t n
>>
>> /* add external domain */ strcat(name, "."); + /* FIXME:
>> zone is NULL when local_query == 1 */ strcat(name, zone->domain);
>> log_query(flag | F_DHCP | F_REVERSE, name, &addr,
>> record_source(crecp->uid)); found = 1; @@ -217,7 +218,7 @@ size_t
>> answer_auth(struct dns_header *header, char *limit, size_t qlen,
>> time_t n T_PTR, C_IN, "d", name)) anscount++; } - else if
>> (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL)) +
>> else if (crecp->flags & (F_DHCP | F_HOSTS) && (local_query ||
>> in_zone(zone, name, NULL))) { log_query(crecp->flags & ~F_FORWARD,
>> name, &addr, record_source(crecp->uid)); found = 1;
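Review bot: In the first hunk (@@ -186,7 +186,7 @@), the new test `if (local_query || in_zone(zone, intr->name, NULL))` avoids the crash only by never reaching in_zone() when local_query is set; per the backtrace, in_zone() still begins with `strlen(zone->domain)` at auth.c:60 and will fault on any other path that hands it a NULL zone. Nothing in the visible lines establishes that zone is NULL only for local queries, so it would be more robust to test the pointer that is actually dereferenced, either at the call site or with an early NULL check inside in_zone().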
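Review bot: The second hunk (@@ -209,6 +209,7 @@) leaves the NULL dereference in place: the added FIXME states that zone is NULL when local_query == 1, yet the very next line is still `strcat(name, zone->domain);`, so a local query that reaches this branch crashes as before. Guard the "add external domain" step with a check on zone (skipping both strcat() calls when there is no zone) instead of recording the problem in a comment.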
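Review bot: The third hunk (@@ -217,7 +218,7 @@) touches the call that lines up with frame #1 of the backtrace (answer_auth at auth.c:220), and with `local_query ||` in front of it every F_DHCP or F_HOSTS record is now answered for a local query with no zone check at all. If that is the intended behaviour, a short comment next to the condition should say so. As a style point, `crecp->flags & (F_DHCP | F_HOSTS) && (...)` parses as intended but reads more clearly as `(crecp->flags & (F_DHCP | F_HOSTS)) && (...)`.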
>
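The configuration rule Simon describes, as an added example (not dnsmasq code and not from this thread): a Python check that derives the reverse zone implied by each auth-zone subnet and flags an explicit auth-zone line that repeats it, which is the configuration that triggered the crash. The sample config, the 2001:db8 prefix and all function names are constructed for illustration; only nibble-aligned IPv6 and octet-aligned IPv4 prefixes are handled, and the in-addr.arpa case goes beyond the IPv6 case discussed above.

```python
import ipaddress

# Constructed sample config (documentation prefixes, not from the thread).
SAMPLE_CONF = """\
auth-server=my.domain.tld,eth0
auth-zone=my.domain.tld,192.0.2.0/24,2001:db8:1:2::/64
auth-zone=2.0.0.0.1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa
auth-zone=other.example,exclude:192.0.2.128/25
"""

def reverse_zone(net):
    """Reverse zone for a nibble-aligned (v6) or octet-aligned (v4) subnet, else None."""
    unit = 4 if net.version == 6 else 8
    if net.prefixlen == 0 or net.prefixlen % unit:
        return None  # assumption: unaligned prefixes are out of scope here
    labels = net.network_address.reverse_pointer.split(".")
    total = net.max_prefixlen // unit          # 32 nibbles or 4 octets
    return ".".join(labels[total - net.prefixlen // unit:])

def parse_auth_zones(conf_text):
    """Yield (line_no, domain, [networks]) for every auth-zone= line."""
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line.startswith("auth-zone="):
            continue
        domain, *rest = line[len("auth-zone="):].split(",")
        nets = []
        for item in rest:
            try:
                nets.append(ipaddress.ip_network(item.strip(), strict=False))
            except ValueError:
                pass  # interface names, exclude: entries etc. are skipped
        yield no, domain.strip().rstrip(".").lower(), nets

def superfluous_reverse_zones(conf_text):
    """Return [(line_no, zone)] for explicit zones already implied by a subnet."""
    zones = list(parse_auth_zones(conf_text))
    implied = {reverse_zone(n) for _, _, nets in zones for n in nets} - {None}
    return [(no, dom) for no, dom, nets in zones if not nets and dom in implied]

if __name__ == "__main__":
    for no, zone in superfluous_reverse_zones(SAMPLE_CONF):
        print(f"line {no}: auth-zone={zone} is already implied by a subnet")
```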