BIND-9.8.0 crashes on DDNS update with update-policy external: NULL key
Jan-Piet Mens
jpmens.dns at gmail.com
Sat Mar 19 11:06:10 UTC 2011
Hello,
I've been trying to get the example code in bin/tests/system/tsiggss to
work on BIND 9.8.0 when signing an update with a SIG(0) key. BIND is
configured --with-gssapi but it crashes with a SIGSEV just before
talking to the Unix socket.
I believe the attached patch solves the issue, at least it does so here
on Centos 5.5 and Mac OSX 10.6.6. :)
Steps to reproduce:
1. Use the example named.conf and authsock.pl as in
bin/tests/system/tsiggss
2. Create a SIG(0) key
$ dnssec-keygen -C -a DSA -b 512 -n HOST -T KEY jp.example.nil.
3. Add the .key to example.nil.db
4. Launch
$ named -c ns1/named.conf -g
5. Start authsock.pl
$ authsock.pl --path=ns1/auth.sock --type=CNAME
6. Perform update
$ nsupdate -k Kjp.example.nil.+003+07313.private < /tmp/x
$ cat /tmp/x
server 127.0.0.1 5300
zone example.nil
update add fred.example.nil 120 cname foo.bar.
send
On a related note, I would have expected/wanted the IP address of the
updater to be passed down through the Unix socket, but that doesn't
happen. Am I misunderstanding the "protocol"?
version=1 signer=jp.example.nil name=fred.example.nil \
addr= type=CNAME key= key_data_len=0
Regards,
-JP
-------------- next part --------------
*** bind-9.8.0/lib/dns/dst_api.c.original Sat Mar 19 11:42:35 2011
--- bind-9.8.0/lib/dns/dst_api.c Sat Mar 19 11:44:05 2011
***************
*** 1778,1782 ****
isc_buffer_t *
dst_key_tkeytoken(const dst_key_t *key) {
! return (key->key_tkeytoken);
}
--- 1778,1782 ----
isc_buffer_t *
dst_key_tkeytoken(const dst_key_t *key) {
! return (key) ? key->key_tkeytoken : NULL;
}
More information about the bind-workers
mailing list