[Dnsmasq-discuss] Intermittent SIGSEGV crash of dnsmasq-full

Simon Kelley simon at thekelleys.org.uk
Tue May 9 01:39:46 BST 2017


That was a horrible one.

Fix committed, and an optimistic 2.77rc1 tag added.

I really hope to get out a 2.77 release soon.


Cheers,

Simon.

On 08/05/17 13:30, Kevin Darbyshire-Bryant wrote:
> Hi Simon,
> 
> Got a report in LEDE land about a SIGSEGV issue, I'm able to replicate
> easily as described.
> 
> Thoughts?
> 
> Cheers,
> 
> Kevin
> 
> 
> -------- Forwarded Message --------
> Subject: [FS#766] Intermittent SIGSEGV crash of dnsmasq-full
> Date: Mon, 08 May 2017 05:57:18 +0000
> From: LEDE Bugs <lede-bugs at lists.infradead.org>
> Reply-To: lede-bugs at lists.infradead.org
> To: lede-bugs at lists.infradead.org
> 
> The following task has a new comment added:
> 
> FS#766 - Intermittent SIGSEGV crash of dnsmasq-full
> User who did this - guidosarducci (guidosarducci)
> 
> ----------
> After a little more investigation, this is definitely a bug that also
> exists in the latest lede/master which uses dnsmasq-2.77test5. It is
> easily triggered via a common mozilla DNS query, and appears related to
> using split DNS and DNSSEC.
> 
> A minimal, standalone dnsmasq.conf that is vulnerable:
> listen-address=192.168.1.1
> port=55553
> bind-interfaces
> no-daemon
> no-hosts
> no-resolv
> log-queries=extra
> server=8.8.8.8
> server=/cloudfront.net/50.22.147.234
> dnssec
> dnssec-check-unsigned
> trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
> 
> trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
> 
> 
> 
> Removing either of these config lines results in no SIGSEGV:
> server=/cloudfront.net/50.22.147.234
> dnssec-check-unsigned
> 
> The bug can be triggered from a DNS client simply (e.g. a blank Firefox
> page!):
> ubuntu$ nslookup -port=55553 tiles-cloudfront.cdn.mozilla.net 192.168.1.1
> ;; Question section mismatch: got cloudfront.net/DS/IN
> ;; connection timed out; no servers could be reached
> 
> 
> I also captured a dnsmasq core file from my router and ran it through gdb:
> ubuntu$ ./staging_dir/toolchain-mips_24kc_gcc-5.4.0_musl-1.1.16/bin/mips-openwrt-linux-gdb \
>     -d ./build_dir/target-mips_24kc_musl-1.1.16/dnsmasq-full/dnsmasq-2.77test5/src/ \
>     -n \
>     ./staging_dir/target-mips_24kc_musl-1.1.16/root-ar71xx/usr/sbin/dnsmasq \
>     dnsmasq.757.11.1494218146.core
> GNU gdb (GDB) 7.12
> Copyright (C) 2016 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later ...
> Reading symbols from ./staging_dir/target-mips_24kc_musl-1.1.16/root-ar71xx/usr/sbin/dnsmasq...done.
> 
> [New LWP 757]
> ...
> Core was generated by `dnsmasq -C crash-dnsmasq.conf'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  forward_query (udpfd=, udpaddr=udpaddr@entry=0x7fc1d930,
>     dst_addr=, dst_iface=dst_iface@entry=0,
>     header=header@entry=0x7c8010, plen=43, plen@entry=50,
>     now=now@entry=1494218146, forward=0x77cabd90, ad_reqd=ad_reqd@entry=0,
>     do_bit=do_bit@entry=0) at forward.c:281
> 281               if (forward->sentto->addr.sa.sa_family == AF_INET)
> (gdb) bt
> #0  forward_query (udpfd=, udpaddr=udpaddr@entry=0x7fc1d930,
>     dst_addr=, dst_iface=dst_iface@entry=0,
>     header=header@entry=0x7c8010, plen=43, plen@entry=50,
>     now=now@entry=1494218146, forward=0x77cabd90, ad_reqd=ad_reqd@entry=0,
>     do_bit=do_bit@entry=0) at forward.c:281
> #1  0x00410275 in receive_query (listen=listen@entry=0x77cbffe0,
>     now=now@entry=1494218146) at forward.c:1443
> #2  0x00412825 in check_dns_listeners (now=now@entry=1494218146)
>     at dnsmasq.c:1565
> #3  0x004047db in main (argc=, argv=)
>     at dnsmasq.c:1044
> (gdb)
> 
> 
> The dnsmasq config file, log file, and client log are attached. I'm not
> sure I can go any further, so would appreciate the dnsmasq package
> maintainer taking a look and advising.
> 
> Thanks!
> ----------
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 

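Added example, not part of the original thread and not dnsmasq code: a small Python check that flags a dnsmasq.conf combining the settings the report ties to the crash (`dnssec`, `dnssec-check-unsigned`, and a per-domain `server=/domain/address` line). The function names and the simplified comment handling are assumptions of this sketch; the sample is the reporter's minimal config with the trust-anchor lines left out.

```python
# Added example: audit a dnsmasq.conf for the option combination in the report.
# Constructed sample: the reporter's minimal config, trust-anchor lines omitted.
SAMPLE_CONF = """\
listen-address=192.168.1.1
port=55553
bind-interfaces
no-resolv
server=8.8.8.8
server=/cloudfront.net/50.22.147.234
dnssec
dnssec-check-unsigned
"""


def parse_options(text):
    """Return (key, value) pairs; value is None for bare flags.

    Simplified comment handling (assumption): '#' at line start or after whitespace.
    """
    options = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for sep in (" #", "\t#"):
            line = line.split(sep, 1)[0]
        key, eq, value = line.partition("=")
        options.append((key.strip(), value.strip() if eq else None))
    return options


def split_dns_domains(options):
    """Domains sent to their own upstream via server=/domain/address."""
    domains = []
    for key, value in options:
        if key in ("server", "local") and value and value.startswith("/"):
            parts = value.split("/")
            addr = parts[-1]
            # Empty address = answer locally; '#' = use the standard servers.
            if addr and addr != "#":
                domains.extend(d for d in parts[1:-1] if d)
    return domains


def audit(text):
    """Report whether the combination described in the bug report is present."""
    options = parse_options(text)
    keys = {key for key, _ in options}
    domains = split_dns_domains(options)
    dnssec, check = "dnssec" in keys, "dnssec-check-unsigned" in keys
    return {"dnssec": dnssec, "check_unsigned": check, "split_domains": domains,
            "matches_report": dnssec and check and bool(domains)}
```

A config that matches is a candidate for upgrading to a build containing the fix mentioned above (the 2.77rc1 tag); per the report, dropping either the per-domain `server=` line or `dnssec-check-unsigned` also avoids the crash.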
