Maintained by: NLnet Labs

[Unbound-users] [hannah at schlund.de: Bug#567976: libunbound-dev: libunbound crashes when trying to resolve syntactically invalid domain names]

W.C.A. Wijngaards
Thu Feb 11 11:10:18 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Robert,

1. Fixed already in the current ldns and unbound packages.
2. This is a bug in ldns, fixed in libldns.
3. But this does work? There is an error from libunbound, not a DNS
error, and this prints out as 'syntax error'.

Best regards,
   Wouter

On 02/01/2010 08:40 PM, Robert Edmonds wrote:
> FYI: a bug report from a user.  i have not been able to reproduce the
> issues.
> 
> ----- Forwarded message from Hannah Schroeter <hannah at schlund.de> -----
> 
> Date: Mon, 01 Feb 2010 16:44:13 +0100
> From: Hannah Schroeter <hannah at schlund.de>
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> Subject: Bug#567976: libunbound-dev: libunbound crashes when trying to resolve syntactically
> 	invalid domain names
> X-Mailer: reportbug 4.10.2
> Message-ID: <20100201154413.7394.40602.reportbug at c3po.ue.schlund.de>
> 
> Package: libunbound-dev
> Version: 1.0.2-1+lenny1
> Severity: important
> 
> 
> This is in fact a bug with two facets:
> 
> 1. If I try to resolve a domain such as
>    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.com
>    (That's *64* times the letter a)
>    using ub_resolve_async, libunbound crashes (Segmentation fault in the
>    asynchronous resolver thread). This does *not* occur with the
>    synchronous API ub_resolve.
>    This particular issue seems to be fixed in the more current
>    version of libunbound such as that shipped with Debian unstable.
>    Maybe it might be warranted to backport a bugfix.
> 
> 2. If I try to resolve a domain such as
>    aa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>    (That's 64 times the letter a in the *last* label of the domain name!),
>    libunbound crashes with *both* the asynchronous API ub_resolve_async,
>    *and* the synchronous API ub_resolve. So one can reproduce *this*
>    problem with unbound-host, too! This issue probably stems from a different
>    source than issue 1, namely a missing validation in the underlying
>    ldns code. I believe this issue is *not* fixed even in the current
>    ldns subversion trunk, as checked now (2010-02-01 16:17 +0100).
> 
> 3. Another issue that's in upstream code is: *If* the upstream library
>    checks for syntax correctly (or rather semi-correctly, that is in
>    unbound 1.4.1, as included in Debian unstable, which fixed issue 1),
>    the caller can't distinguish that error from other errors because
>    the error codes aren't exposed in the unbound library interface.
>    So the caller can't decide whether the issue was a temporary problem,
>    like for example being short of memory, or a permanent problem like
>    wrong domain syntax.
> 
> -- System Information:
> Debian Release: squeeze/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages libunbound-dev depends on:
> ii  libunbound0               1.0.2-1+lenny1 library implementing DNS resolutio
> 
> libunbound-dev recommends no packages.
> 
> libunbound-dev suggests no packages.
> 
> -- no debconf information
> 
> 
> 
> ----- End forwarded message -----
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAktz14oACgkQkDLqNwOhpPiUEACfYDFlZWG0pNQeQllodLc9esvt
wgUAmwbdFL+1MP2zpFqz45FA8CRFniA8
=Sk7A
-----END PGP SIGNATURE-----