TCP and NSSEARCH = Core dump

Joshua Rogers megamansec at gmail.com
Thu Nov 28 10:20:35 UTC 2013


Hi everyone.

I'm unsure of the email I should be writing to, but I chose this one.


I've just found a segfault/core dump bug in dig.

Running a dig command with +nssearch and +tcp will cause dig to coredump.

Example:
--snip--

$ dig +time=3 +nssearch +tcp google.com
socket.c:2535: REQUIRE(socketp != ((void *)0) && *socketp == ((void *)0)) failed, back trace
#0 0xb3f77b in ??
#1 0xb3f6c4 in ??
#2 0xb72062 in ??
#3 0xd1d3ef in ??
#4 0xd1d7c3 in ??
#5 0xb629ac in ??
#6 0x972d4c in ??
#7 0x55bbae in ??
Aborted (core dumped)

--/snip--


It was discovered whilst running "dig +time=3 +nssearch tynyturi.com",
which [sometimes] dumps.
--
SOA v1s1.xundns.com. nsadmin.xundns.com. 50845 3600 600 604800 600 from server 121.10.104.50 in 258 ms.
SOA v1s1.xundns.com. nsadmin.xundns.com. 50845 3600 600 604800 600 from server 59.63.165.131 in 260 ms.
SOA v1s1.xundns.com. nsadmin.xundns.com. 50845 3600 600 604800 600 from server 59.63.181.21 in 261 ms.
SOA v1s1.xundns.com. nsadmin.xundns.com. 50845 3600 600 604800 600 from server 60.174.233.164 in 271 ms.
;; Truncated, retrying in TCP mode.
socket.c:2535: REQUIRE(socketp != ((void *)0) && *socketp == ((void *)0)) failed, back trace
#0 0x29877b in ??
#1 0x2986c4 in ??
#2 0x2cb062 in ??
#3 0xb8a3ef in ??
#4 0xb8a7c3 in ??
#5 0x2bb9ac in ??
#6 0x828d4c in ??
#7 0x92cbae in ??
Aborted (core dumped)

--


And finally, gdb output:


--snip--
Starting program: /usr/bin/dig +time=3 +nssearch +tcp tynyturi.com
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb7f93b40 (LWP 10758)]
[New Thread 0xb7792b40 (LWP 10759)]
[New Thread 0xb6f91b40 (LWP 10760)]
socket.c:2535: REQUIRE(socketp != ((void *)0) && *socketp == ((void *)0)) failed, back trace
#0 0x31977b in ??
#1 0x3196c4 in ??
#2 0x34c062 in ??
#3 0x8000d3ef in ??
#4 0x8000d7c3 in ??
#5 0x33c9ac in ??
#6 0x371d4c in ??
#7 0x475bae in ??

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb7f93b40 (LWP 10758)]
0x00132416 in __kernel_vsyscall ()
(gdb) backtrace
#0  0x00132416 in __kernel_vsyscall ()
#1  0x003b41df in raise () from /lib/i386-linux-gnu/libc.so.6
#2  0x003b7825 in abort () from /lib/i386-linux-gnu/libc.so.6
#3  0x003196c9 in isc_assertion_failed () from /usr/lib/libisc.so.83
#4  0x0034c062 in isc__socket_create () from /usr/lib/libisc.so.83
#5  0x8000d3ef in ?? ()
#6  0x8000d7c3 in ?? ()
#7  0x0033c9ac in ?? () from /usr/lib/libisc.so.83
#8  0x00371d4c in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#9  0x00475bae in clone () from /lib/i386-linux-gnu/libc.so.6
--/snip--


Hopefully this information is useful :)



Thanks,

-- 
*Joshua Rogers* - gpg pubkey
<http://www.internot.info/docs/gpg_pubkey.asc.gpg>