bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-26 04:03 UTC
[Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
Bug #: 2022
Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled
resolver and a CNAME
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.0p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: gregdlg+mr at hochet.info
Created attachment 2166
--> https://bugzilla.mindrot.org/attachment.cgi?id=2166
Short example
Hello,
Under the following conditions, SSH crash:
- SSH is compiled with ldns for DNS support
- You use a DNS resolver with DNSSEC enabled
- You have SSHFP keys
- You attempt to connect through a CNAME (instead of the host name, see
attachment)
I have tracked the problem down to the file
openbsd-compat/getrrsetbyname-ldns.c
In function getrrsetbyname, when the DNS resolver sets the ad flags,
ssh doesn't allocate memory to contain RRSIG signatures. However it
still attempts to copy those signatures from the DNS answer. If
rrset->rri_sigs is null, rdata = &rrset->rri_sigs[0] is still null and
the signature is ignored later in the code. Luckily, most of the time,
you only have one signature and there is no problem. If you have a
CNAME, you got two signatures and &rrset->rri_sigs[1] is no not null
hence the segfault.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-26 04:07 UTC
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022 --- Comment #1 from gregdlg+mr at hochet.info 2012-06-26 14:07:24 EST --- Created attachment 2167 --> https://bugzilla.mindrot.org/attachment.cgi?id=2167 A short patch to solve the problem -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-27 22:58 UTC
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
Blocks| |1986
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
- [PATCH] Add support for ldns
- [Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
- [Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
- [Bug 2708] New: openssh: 7.5p1 update breaks ldns/sshfp