thr3ads.net - nsd users - [nsd-users] SIGSEGV in rbtree_find_less

If this information is useful, please help other people find it:
Share via:

Chris LaVallee

2024-Oct-02 14:57 UTC

[nsd-users] SIGSEGV in rbtree_find_less_equal

Hi,

I found a reproducible seg fault with a DNSSEC signed zone and overlapping
config. I'm running NSD 4.10.1. Here's how to reproduce.

2 zones in nsd.conf:

zone:
        name:     "foo.com."
        zonefile:     "/zones/foo.com.zone.signed"

zone:
        name:     "bar.foo.com."
        zonefile: "/zones/bar.foo.com.zone"


Zone files:

foo.com.zone.signed is DNSSEC signed with a record for a.bar (A record or
anything)
bar.foo.com.zone doesn't exist  (but it's in nsd.conf shown above)


Steps:
1) Startup NSD
2) touch foo.com.zone.signed
3) reload NSD


nsd.log will say:
[2024-10-02 07:19:58.691] nsd[962739]: info: control cmd:  reload
[2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd: reload closed
cmd channel
[2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process 962740 failed,
continuing with old database

core dump says SIGSEGV in rbtree_find_less_equal


Chris LaVallee
Edgio (formally EdgeCast Networks)


-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20241002/548fce00/attachment.htm>

Jeroen Koekkoek

2024-Oct-08 06:14 UTC

head link

[nsd-users] SIGSEGV in rbtree_find_less_equal

Hi Chris,

Thanks for reporting! I'll look into this.

- Jeroen


On Wed, 2024-10-02 at 14:57 +0000, Chris LaVallee via nsd-users
wrote:> 
> Hi,
> 
> 
> I found a reproducible?seg fault with a DNSSEC signed zone and
> overlapping config. I'm running NSD 4.10.1. Here's how to
reproduce.
> 
> 
> 2 zones in nsd.conf:
> 
> 
> zone:
> ? ? ? ? name: ? ? "foo.com."
> ? ? ? ? zonefile: ? ? "/zones/foo.com.zone.signed"
> 
> 
> zone:
> ? ? ? ? name: ? ? "bar.foo.com."
> ? ? ? ? zonefile: "/zones/bar.foo.com.zone"
> 
> 
> 
> 
> Zone files:
> 
> 
> foo.com.zone.signed is DNSSEC signed with a record for a.bar (A
> record or anything)
> bar.foo.com.zone doesn't exist ?(but it's in nsd.conf shown above)
> 
> 
> 
> 
> Steps:
> 1) Startup NSD
> 2) touch foo.com.zone.signed
> 3) reload NSD
> 
> 
> 
> 
> nsd.log will say:
> [2024-10-02 07:19:58.691] nsd[962739]: info: control cmd: ?reload
> [2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd:
> reload closed cmd channel
> [2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process 962740
> failed, continuing with old database
> 
> 
> core dump says SIGSEGV in rbtree_find_less_equal
> 
> 
> 
> 
> Chris LaVallee
> Edgio (formally EdgeCast Networks)
> 
> 
> 
> 
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users

Jeroen Koekkoek

2024-Oct-08 12:33 UTC

head link

[nsd-users] SIGSEGV in rbtree_find_less_equal

Hi Chris,

I'm having trouble trying to reproduce the issue locally.

Like you I configure two zones.

zone:
  name: example.com.
  zonefile: example.com.zone.signed

zone:
  name: bar.example.com.
  zonefile: bar.example.com.zone

The file bar.example.com.zone does not exist. After touching and
reloading the signed zone, no segfault occurs. I've tried with and
without the "--disable-radix-tree" configure option (as the error
occurs in the rbtree). I've also tried with example.com. being an NSEC
and NSEC3 zone.

Can you provide some more details?

Best regards,
Jeroen




On Wed, 2024-10-02 at 14:57 +0000, Chris LaVallee via nsd-users
wrote:> 
> Hi,
> 
> 
> I found a reproducible?seg fault with a DNSSEC signed zone and
> overlapping config. I'm running NSD 4.10.1. Here's how to
reproduce.
> 
> 
> 2 zones in nsd.conf:
> 
> 
> zone:
> ? ? ? ? name: ? ? "foo.com."
> ? ? ? ? zonefile: ? ? "/zones/foo.com.zone.signed"
> 
> 
> zone:
> ? ? ? ? name: ? ? "bar.foo.com."
> ? ? ? ? zonefile: "/zones/bar.foo.com.zone"
> 
> 
> 
> 
> Zone files:
> 
> 
> foo.com.zone.signed is DNSSEC signed with a record for a.bar (A
> record or anything)
> bar.foo.com.zone doesn't exist ?(but it's in nsd.conf shown above)
> 
> 
> 
> 
> Steps:
> 1) Startup NSD
> 2) touch foo.com.zone.signed
> 3) reload NSD
> 
> 
> 
> 
> nsd.log will say:
> [2024-10-02 07:19:58.691] nsd[962739]: info: control cmd: ?reload
> [2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd:
> reload closed cmd channel
> [2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process 962740
> failed, continuing with old database
> 
> 
> core dump says SIGSEGV in rbtree_find_less_equal
> 
> 
> 
> 
> Chris LaVallee
> Edgio (formally EdgeCast Networks)
> 
> 
> 
> 
> _______________________________________________
> nsd-users mailing list
> nsd-users at lists.nlnetlabs.nl
> https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users

Apparently Analagous Threads

Search for more seemingly similar threads

nsd users - Oct 2024 - SIGSEGV in rbtree_find_less_equal

[nsd-users] SIGSEGV in rbtree_find_less_equal

[nsd-users] SIGSEGV in rbtree_find_less_equal

[nsd-users] SIGSEGV in rbtree_find_less_equal

Apparently Analagous Threads