Hi Chris,
I've properly started looking into this yesterday. NSD definitely
shouldn't crash, still working on that.
However, the provided zone is invalid too(?) I'm not the foremost
expert on NSEC3 (or even DNSSEC), but it seems an NSEC3 is missing for
bar.foo.com. Empty non-terminals should still have an NSEC3 RR.
(Of course, the delegation point should be at bar.foo.com. too and
a.bar.foo.com. is an occluded name and this situation is purely
hypothetical).
I used the attached zone file along with the following commands to
generate the input I used:
ldns-keygen -a 13 -k foo.com
dnssec-signzone -3 AA61D5A398769C09 -H 0 -S -A -z -o foo.com. foo.com.zone Kfoo.com.+013+58636
Doesn't get me exactly the same thing, but good enough to get the
same segfault.
- Jeroen
On Wed, 2024-10-09 at 13:53 +0200, Jeroen Koekkoek via nsd-users
wrote:
> Hi Chris,
>
> I can reproduce with your zone. Thanks!
>
> Best,
> Jeroen
>
>
> On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote:
> >
> > Hi Jeroen,
> >
> >
> > Attached is the zone I used. Did you add the record for a.bar ?
> >
> >
> > Ex:
> >
> >
> > a.bar 300 IN NS ns.somewhere.net.
> >
> >
> > Chris
> >
> > From: Jeroen Koekkoek <jeroen at nlnetlabs.nl>
> > Sent: Tuesday, October 8, 2024 5:33 AM
> > To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl
> > <nsd-users at lists.nlnetlabs.nl>
> > Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal
> >
> > Hi Chris,
> >
> > I'm having trouble trying to reproduce the issue locally.
> >
> > Like you I configure two zones.
> >
> > zone:
> >   name: example.com.
> >   zonefile: example.com.zone.signed
> >
> > zone:
> >   name: bar.example.com.
> >   zonefile: bar.example.com.zone
> >
> > The file bar.example.com.zone does not exist. After touching and
> > reloading the signed zone, no segfault occurs. I've tried with and
> > without the "--disable-radix-tree" configure option (as the error
> > occurs in the rbtree). I've also tried with example.com. being an NSEC
> > and NSEC3 zone.
> >
> > Can you provide some more details?
> >
> > Best regards,
> > Jeroen
> >
> >
> >
> >
> > On Wed, 2024-10-02 at 14:57 +0000, Chris LaVallee via nsd-users
> > wrote:
> > >
> > > Hi,
> > >
> > >
> > > I found a reproducible segfault with a DNSSEC signed zone and
> > > overlapping config. I'm running NSD 4.10.1. Here's how to
> > > reproduce.
> > >
> > >
> > > 2 zones in nsd.conf:
> > >
> > > zone:
> > >         name:     "foo.com."
> > >         zonefile: "/zones/foo.com.zone.signed"
> > >
> > > zone:
> > >         name:     "bar.foo.com."
> > >         zonefile: "/zones/bar.foo.com.zone"
> > >
> > > Zone files:
> > >
> > >
> > > foo.com.zone.signed is DNSSEC signed with a record for a.bar (A
> > > record or anything)
> > > bar.foo.com.zone doesn't exist (but it's in nsd.conf shown above)
> > >
> > > Steps:
> > > 1) Startup NSD
> > > 2) touch foo.com.zone.signed
> > > 3) reload NSD
> > >
> > > nsd.log will say:
> > > [2024-10-02 07:19:58.691] nsd[962739]: info: control cmd: reload
> > > [2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd: reload closed cmd channel
> > > [2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process 962740 failed, continuing with old database
> > >
> > >
> > > core dump says SIGSEGV in rbtree_find_less_equal
> > >
> > > Chris LaVallee
> > > Edgio (formerly EdgeCast Networks)
> > >
> > > _______________________________________________
> > > nsd-users mailing list
> > > nsd-users at lists.nlnetlabs.nl
> > > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
-------------- next part --------------
$ORIGIN foo.com.
foo.com. 86400 IN SOA ns.somewhere.net hostmaster.somecompany.com. (
        2065715743 ; serial
        10800      ; refresh (3 hours)
        1080       ; retry (18 minutes)
        2419200    ; expire (4 weeks)
        900        ; minimum (15 minutes)
        )
a.bar.foo.com. 300 IN NS ns.somewhere.net.
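As an added example (not NSD's code and not anything posted in this thread), here is a small Python check for the point above about empty non-terminals: it computes the RFC 5155 NSEC3 hash of every name in a zone, including the ENTs between each owner and the apex, and reports the names that have no matching NSEC3 RR. The salt (AA61D5A398769C09), the 0 iterations and the names foo.com., bar.foo.com. and a.bar.foo.com. are taken from the thread; the function names and the sample NSEC3 owner set are my own, and Opt-Out is not modelled.

```python
import base64
import hashlib

# Constructed to match the thread: salt AA61D5A398769C09, 0 iterations (-H 0).
SALT = bytes.fromhex("AA61D5A398769C09")
ITERATIONS = 0
# RFC 4648 base32 alphabet -> base32hex alphabet used for NSEC3 owner labels.
B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                       "0123456789ABCDEFGHIJKLMNOPQRSTUV")

def wire_name(name):
    """Canonical (lowercase) wire format of an absolute owner name."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"

def nsec3_hash(name, salt=SALT, iterations=ITERATIONS):
    """RFC 5155 section 5: iterated SHA-1 over name||salt, base32hex, lowercase."""
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).decode().translate(B32HEX).lower()

def names_with_ents(apex, owners):
    """Every owner name plus the empty non-terminals between it and the apex."""
    depth = len(apex.lower().rstrip(".").split("."))
    names = set()
    for owner in owners:
        labels = owner.lower().rstrip(".").split(".")
        while len(labels) >= depth:          # walk up to and including the apex
            names.add(".".join(labels) + ".")
            labels = labels[1:]
    return names

def missing_nsec3(apex, owners, nsec3_owners, salt=SALT, iterations=ITERATIONS):
    """Names (ENTs included) whose hash has no NSEC3 RR; Opt-Out is not modelled."""
    present = {o.lower().split(".")[0] for o in nsec3_owners}
    return sorted(n for n in names_with_ents(apex, owners)
                  if nsec3_hash(n, salt, iterations) not in present)

def check_thread_zone():
    """Constructed input: the thread's zone with NSEC3 RRs for the two owners only."""
    owners = ["foo.com.", "a.bar.foo.com."]
    nsec3_owners = [nsec3_hash(n) + ".foo.com." for n in owners]   # no ENT coverage
    return missing_nsec3("foo.com.", owners, nsec3_owners)

if __name__ == "__main__":
    print("names lacking an NSEC3 RR:", check_thread_zone())
```

Running it on a real signed zone means feeding the parsed owner names and the NSEC3 owner names from the zone file in place of the constructed lists.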