Hi,
I was “assigned” the RC bug as part of BugSprint
(http://wiki.debian.org/BugSprint).
After some time debugging, I can add more information.
Here is a simpler use case to reproduce the bug from a fresh
install of bind9. Add the following lines to
/etc/bind/named.conf.local.
--8<-----------------------------------
acl "plop1" {
{ 192.168.1.0/24; };
};
acl "plop2" {
{ 192.168.1.8; 192.168.1.128; };
};
zone "example.com" {
type master;
file "/etc/bind/db.local";
allow-update { "plop2"; "plop1"; };
};
----------------------------------->8--
Something very weird is that the following changes make it work
correctly:
--8<-----------------------------------
- { 192.168.1.8; 192.168.1.128; };
+ { 192.168.1.8; 192.168.1.X; };
----------------------------------->8--
with X < 128
or
--8<-----------------------------------
- allow-update { "plop2"; "plop1"; };
+ allow-update { "plop1"; "plop2"; };
----------------------------------->8--
The backtrace for the segv is the following:
--8<-----------------------------------
#0 0x00007f136e6c7839 in is_insecure (prefix=0x7f136ecf55b0, data=0x7f136ed1e6f8) at acl.c:499
#1 0x00007f136d871624 in isc_radix_process (radix=0x7f136ed17a60, func=0x7f136e6c77dd <is_insecure>) at radix.c:227
#2 0x00007f136e6c7958 in dns_acl_isinsecure (a=0x7f136ecf3ce0) at acl.c:546
#3 0x000000000045153e in ns_zone_configure (config=0x7f136ed198d0, vconfig=0x0, zconfig=0x7f136ed1bb50, ac=0x41626fe0, zone=0x13d62a0) at zoneconf.c:663
#4 0x0000000000437689 in configure_zone (config=0x7f136ed198d0, zconfig=0x7f136ed1bb50, vconfig=0x0, mctx=0x1308350, view=0x137bf20, aclconf=0x41626fe0) at server.c:2484
#5 0x00000000004331e8 in configure_view (view=0x137bf20, config=0x7f136ed198d0, vconfig=0x0, mctx=0x1308350, actx=0x41626fe0, need_hints=isc_boolean_true) at server.c:1127
#6 0x00000000004393b7 in load_configuration (filename=0x4660a1 "/etc/bind/named.conf", server=0x7f136ecfe010, first_time=isc_boolean_true) at server.c:3275
#7 0x000000000043ab5f in run_server (task=0x7f136ed07010, event=0x0) at server.c:3703
----------------------------------->8--
I think that the problem comes from the acl structure (arg ac in
ns_zone_configure ()) which is not filled correctly:
1: configure_zone () server.c:2484
2: ns_zone_configure () (zoneconf.c, line 657)
   -> RETERR(configure_zone_acl(zconfig, vconfig, config, "allow-update", ac, zone, dns_zone_setupdateacl, dns_zone_clearupdateacl));
3: configure_zone_acl() (zoneconf.c, line 93)
   -> result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx, dns_zone_getmctx(zone), 0, &dacl);
4: cfg_acl_fromconfig() (aclconf.c, line 253)
   -> result = dns_iptable_addprefix(iptab, &addr, bitlen, ISC_TF(nest_level != 0 || !neg));
5: dns_iptable_addprefix (iptable.c, line 61)
   -> result = isc_radix_insert(tab->radix, &node, NULL, &pfx);
6: isc_radix_insert (radix.c, line 301)
   -> ....
The segv occurs because the node->data[] 'array' contains a null value
but it should not, hence I think something goes wrong in
isc_radix_insert() with this use case.
It's a bit difficult to fix this bug given the complexity of the
code, and difficult to have a fix with no side effects.
I'm CCing [EMAIL PROTECTED], and hope they could take a look at these
bugs and help us to fix them.
Any help would be appreciated.
Cheers,
--
Emmanuel Bouthenot
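
A simplified model of the failure the backtrace points at, added here as an illustration and not taken from BIND or from the message above: a tree walk hands each node's data[] to a callback, and the callback checks the slot before dereferencing it so the offending prefix is reported instead of faulting. The struct node layout, walk(), check_node() and the sample tree are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model for illustration; these are not BIND's types. */
struct node {
    const char *prefix;   /* NULL on glue nodes that carry no prefix */
    void *data[2];        /* one payload slot per address family */
    struct node *l, *r;
};
enum { SLOT_V4 = 0, SLOT_V6 = 1 };
typedef void (*walk_fn)(const struct node *n, void *ctx);

/* Visit every node that carries a prefix and hand it to the callback. */
static void walk(const struct node *n, walk_fn fn, void *ctx) {
    if (n == NULL) return;
    if (n->prefix != NULL) fn(n, ctx);
    walk(n->l, fn, ctx);
    walk(n->r, fn, ctx);
}

struct audit { int positive; int broken; const char *first_broken; };
/* Callback that validates the slot before dereferencing it. */
static void check_node(const struct node *n, void *ctx) {
    struct audit *a = ctx;
    const bool *flag = n->data[SLOT_V4];
    if (flag == NULL) {   /* an unguarded "*flag" would fault here */
        if (a->broken++ == 0) a->first_broken = n->prefix;
    } else if (*flag) {
        a->positive++;
    }
}

/* Constructed tree: the last leaf has a prefix but an empty slot. */
struct audit audit_sample(void) {
    bool yes = true;
    struct node n8   = { "192.168.1.8/32",   { &yes, NULL }, NULL, NULL };
    struct node n128 = { "192.168.1.128/32", { NULL, NULL }, NULL, NULL };
    struct node net  = { "192.168.1.0/24",   { &yes, NULL }, &n8, &n128 };
    struct node root = { NULL,               { NULL, NULL }, &net, NULL };
    struct audit a = { 0, 0, NULL };
    walk(&root, check_node, &a);
    return a;
}

int main(void) {
    struct audit a = audit_sample();
    printf("positive=%d broken=%d\n", a.positive, a.broken);
    return 0;
}
```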