[Dnsmasq-discuss] crash with DNSSEC on 2.80
Simon Kelley
simon at thekelleys.org.uk
Mon Jul 15 22:06:44 BST 2019
Ugh, that's nasty. Thanks for the good bug report.
It this reproducible? A domain which when validated always prompts a
crash would be very useful.
>From the information we have, the obvious problem is rrsetidx=27430912
which makes no sense, and will surely crash a buffer. That value is
generated in explore_rrset() which should return either 1, and a valid
value for the number of RRsets, or zero if there's an error.
In fact there are a couple of cases where the code detects a malformed
packet, and returns STAT_BOGUS (which is not zero) thus allowing the
calling code to continue with an undefined value for the number of
RRsets. So, certain kinds of malformed packets may cause this crash.
This looks like an incomplete refactoring, that code used to return a
STAT_* return code but the explore_rrset stuff got pulled out and
returns true/false, but a couple of code paths got missed.
Does
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=05299fdd5a3b6ace43224c7d27d06a57b175639f
Seem to fix things? That would be a nice, easy fix if so.
Cheers,
Simon.
On 14/07/2019 02:21, Graham Menhennitt wrote:
>
> Hello dnsmasqers,
>
> I'm running dnsmasq 2.80 on FreeBSD 12-stable. It works perfectly when I
> have DNSSEC disabled. But when I enable it, I get crashes every hour or
> so. I haven't worked out what's happening exactly, but it looks like
> it's accessing past the end of a buffer. Running in lldb gives the
> following info:
>
> Process 19920 stopped
> * thread #1, name = 'dnsmasq', stop reason = signal SIGSEGV: invalid
> address (fault address: 0x8)
> frame #0: 0x0000000000274802
> dnsmasq`sort_rrset(header=0x0000000801a29000, plen=512,
> rr_desc=0x000000000027f474, rrsetidx=27430912, rrset=0x00000008013f87d0,
> buff1="mozilla.org", buff2="mozilla.org") at dnssec.c:304
> 301 end1 = p1 + rdlen1;
> 302
> 303 p2 += 8; /* skip class, type, ttl */
> -> 304 GETSHORT(rdlen2, p2);
> 305 end2 = p2 + rdlen2;
> 306
> 307 dp1 = dp2 = rr_desc;
> (lldb) bt
> * thread #1, name = 'dnsmasq', stop reason = signal SIGSEGV: invalid
> address (fault address: 0x8)
> * frame #0: 0x0000000000274802
> dnsmasq`sort_rrset(header=0x0000000801a29000, plen=512,
> rr_desc=0x000000000027f474, rrsetidx=27430912, rrset=0x00000008013f87d0,
> buff1="mozilla.org", buff2="mozilla.org") at dnssec.c:304
> frame #1: 0x00000000002714c1 dnsmasq`validate_rrset(now=1562977226,
> header=0x0000000801a29000, plen=512, class=1, type=5, sigidx=8,
> rrsetidx=27430912, name="incoming.telemetry.mozilla.org",
> keyname="mozilla.org", wildcard_out=0x00007fffffffe388,
> key=0x0000000000000000, keylen=0, algo_in=0, keytag_in=0) at dnssec.c:506
> frame #2: 0x0000000000273479
> dnsmasq`dnssec_validate_reply(now=1562977226, header=0x0000000801a29000,
> plen=512, name="incoming.telemetry.mozilla.org", keyname="mozilla.org",
> class=0x0000000801a1f248, check_unsigned=1,
> neganswer=0x0000000000000000, nons=0x0000000000000000) at dnssec.c:1920
> frame #3: 0x000000000023306f dnsmasq`reply_query(fd=15, family=2,
> now=1562977226) at forward.c:1029
> frame #4: 0x000000000024211c
> dnsmasq`check_dns_listeners(now=1562977226) at dnsmasq.c:1644
> frame #5: 0x0000000000240bab dnsmasq`main(argc=6,
> argv=0x00007fffffffe9f8) at dnsmasq.c:1104
> frame #6: 0x000000000021311b dnsmasq`_start(ap=<unavailable>,
> cleanup=<unavailable>) at crt1.c:76
>
> My dnsmasq.conf is below.
>
> Does anybody have any clues, please?
>
> Thanks,
> Graham
>
> conf-file=/etc/dnsmasq-conf.conf
> resolv-file=/etc/dnsmasq-resolv.conf
>
> server=8.8.8.8
> server=8.8.4.4
>
> # use DNSSEC
> dnssec
> trust-anchor=.,19036,8,2,49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5
>
> trust-anchor=.,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
>
> dnssec-check-unsigned
>
> # filter what we send upstream
> domain-needed
> bogus-priv
> localise-queries
>
> # allow /etc/hosts and dhcp lookups via *.lan
> domain=menhennitt.com.au
> expand-hosts
> no-negcache
>
> # enable dhcp (start,end,netmask,leasetime)
> dhcp-authoritative
> dhcp-range=re0,203.3.73.51,203.3.73.90,255.255.255.0,12h
> # default route(s)
> dhcp-option=3,203.3.73.1
>
> # use /etc/ethers for static hosts; same format as --dhcp-host
> # <hwaddr> <ipaddr>
> read-ethers
>
>
>
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list