Maintained by: NLnet Labs

[Unbound-users] [hannah at schlund.de: Bug#567976: libunbound-dev: libunbound crashes when trying to resolve syntactically invalid domain names]

Robert Edmonds
Mon Feb 1 20:40:51 CET 2010


FYI: a bug report from a user.  i have not been able to reproduce the
issues.

----- Forwarded message from Hannah Schroeter <hannah at schlund.de> -----

Date: Mon, 01 Feb 2010 16:44:13 +0100
From: Hannah Schroeter <hannah at schlund.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: Bug#567976: libunbound-dev: libunbound crashes when trying to resolve syntactically
	invalid domain names
X-Mailer: reportbug 4.10.2
Message-ID: <20100201154413.7394.40602.reportbug at c3po.ue.schlund.de>

Package: libunbound-dev
Version: 1.0.2-1+lenny1
Severity: important


This is in fact a bug with two facets:

1. If I try to resolve a domain such as
   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com
   (That's *64* times the letter a)
   using ub_resolve_async, libunbound crashes (Segmentation fault in the
   asynchronous resolver thread). This does *not* occur with the
   synchronous API ub_resolve.
   This particular issue seems to be fixed in the more current
   version of libunbound such as that shipped with Debian unstable.
   Maybe it might be warranted to backport a bugfix.

2. If I try to resolve a domain such as
   aa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
   (That's 64 times the letter a in the *last* label of the domain name!),
   libunbound crashes with *both* the asynchronous API ub_resolve_async,
   *and* the synchronous API ub_resolve. So one can reproduce *this*
   problem with unbound-host, too! This issue probably stems from a different
   source than issue 1, namely a missing validation in the underlying
   ldns code. I believe this issue is *not* fixed even in the current
   ldns subversion trunk, as checked now (2010-02-01 16:17 +0100).

3. Another issue that's in upstream code is: *If* the upstream library
   checks for syntax correctly (or rather semi-correctly, that is in
   unbound 1.4.1, as included in Debian unstable, which fixed issue 1),
   the caller can't distinguish that error from other errors because
   the error codes aren't exposed in the unbound library interface.
   So the caller can't decide whether the issue was a temporary problem,
   like for example being short of memory, or a permanent problem like
   wrong domain syntax.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages libunbound-dev depends on:
ii  libunbound0               1.0.2-1+lenny1 library implementing DNS resolutio

libunbound-dev recommends no packages.

libunbound-dev suggests no packages.

-- no debconf information



----- End forwarded message -----

-- 
Robert Edmonds
edmonds at debian.org