Maintained by: NLnet Labs

[Unbound-users] Segfault on user not found with 1.5.3

W.C.A. Wijngaards
Mon Mar 23 21:44:20 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Maciej,

On 03/23/2015 09:41 PM, Maciej Soltysiak wrote:
> Hi Wouter,
> 
> On Mon, Mar 23, 2015 at 9:21 PM, W.C.A. Wijngaards
> <wouter at nlnetlabs.nl <mailto:wouter at nlnetlabs.nl>> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
> 
> Hi Maciej,
> 
> On 03/23/2015 06:04 PM, Maciej Soltysiak wrote:
>> Hi,
>> 
>> I just took the latest 1.5.3, compiled it and ran the executable 
>> without doing any config. Just to see what happens.
>> 
>> It segfaulted after saying user unbound not found.
>> 
>> The issue is in util/config_file.c in function 
>> config_lookup_uid().
>> 
>> getpwnam() can return NULL and so subsequent referrences to
>> pw_uid and pw_gid are invalid.
>> 
>> This patch corrects the code path to assign uid and gid only if 
>> getpwnam() is successful.
>> 
>> It also removes the log_err() call, because perform_setup() in 
>> daemon/unbound.c would print it anyway in fatal_exit()
>> 
>> I know it's a tiny buglet, but I couldn't resist fixing a
>> segfault :-)
> 
> Thank you for the report, applied it by setting checks on the
> success of that lookup and continuing with the error printed.
> 
> Thanks for reviewing and applying.
> 
> What you applied to SVN is exactly what I've done initially. That
> however made it first display "user 'unbound' does not exist."
> twice. First from util/config_file.c. That allows the code run
> further, until it encounters a getpwnam() call in perform_setup()
> of unbound.c where it has fatal_exit() with the same message.
> 
> Confirmed with gdb.
> 
> That's why I removed the duplication to allow the latter error
> message to show up.
> 
> I think you might want to look at it again; or maybe point me where
> I'm making a mistake.
> 

Yes you are right, and I re-fixed it like your commit,

Best regards,
   Wouter


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVEHskAAoJEJ9vHC1+BF+Nv+IP/RmDtx89YqIHNJHQwmS0e9+u
qTKK5YPkdL5qgBKh1QDFg81lVzSXzDETZNu5r0Wzn+O4Fj/cqF91hrrNgLk17XWV
sjFpsy9A9Uw2wSq7UMyzNX7GDrv34Cv2UWefxGeEQuFmeL63SYKoK4qQCI3Obx02
oJTmR+3XJ+977Mjqjd2D76PK+ai649MWBC3kxwMmPet4jhDwg5WbjEUBzHGdeI3A
OBTWSbIShPFpUmiGG1rWdPOnpiJm0XZfYlXaqSdzr61VwYvU/+oqWgjJoN19HmEu
2ofWsXBrTPLoRJIlnRZIf5l1m6bftwp3SiBQZPELnrdPNPbjjHx3CZ/mBzIQ+7Zb
yOoDpl53PUE9FRg7g3O6BZKBqRvTt9T532UlqEa6zhJHuGDFcTJHbD0LKPmgSiZ/
dwmsbGkRT8B4PV1eYaxKxWRf3c4eWbGYZ4EYLJbMqekGFhMJ8E/TWOHZD7BjECTR
tKwTq3nco2SrO5sPnlQp28VnziC+jShn1aJIsaCBoM8/nm3yNJM+BAw6jSQXgcgi
2pp/yOXRz7kfSVjyyH4JBjW+k9U0KXoTL59jb1fCiABl/8CA97Aw/XRKeh8rLBFM
LpFmMQ9pE9MZJ8BpSgpgMkG+sF5STeWKS/JWHvTbSJ2m6EkbtHi0iiBUchf/qt9V
1LeaIXkceD8ZGWv6blBJ
=jAw4
-----END PGP SIGNATURE-----