  1. OpenDNSSEC
  2. OPENDNSSEC-838

Crash in signer after having removed a zone

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.4.10
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Filed on the user mailing list:

      I recently added and removed a few zones from our OpenDNSSEC
      setup, and this appears to have caused ods-signerd to crash:

      pid 1361 (ods-signerd), uid 1072: exited on signal 11 (core dumped)

      > Stack trace:
      >
      > Core was generated by `ods-signerd'.
      > Program terminated with signal 11, Segmentation fault.
      > #0 0x000000000042a45a in netio_dispatch ()
      > (gdb) where
      > #0 0x000000000042a45a in netio_dispatch ()
      > #1 0x000000000040df3e in xfrhandler_start ()
      > #2 0x000000000040e26e in xfrhandler_thread_start ()
      > #3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
      > #4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
      > #5 0x00007f7ff4400000 in ?? ()
      > #6 0x00007f7ff7ff14c0 in ?? ()
      > #7 0x0000000111110001 in ?? ()
      > #8 0x0000000033330003 in ?? ()
      > #9 0x0000000000000000 in ?? ()
      > (gdb)
      > (gdb) x/i netio_dispatch
      > 0x42a383 <netio_dispatch>: push %r15
      > (gdb)

      With debug symbols:

      Program terminated with signal 11, Segmentation fault.
      #0 netio_dispatch (netio=0x7f7ff7b2a0c0, timeout=<optimized out>, sigmask=0x0)
      at wire/netio.c:250
      250 relative.tv_sec = handler->timeout->tv_sec;
      (gdb) p handler
      $1 = (netio_handler_type *) 0x7f7fe300b2b8
      (gdb) p $->timeout
      $2 = (struct timespec *) 0x7522203031203031
      (gdb) p handler->timeout->tv_sec
      Cannot access memory at address 0x7522203031203031
      (gdb) where
      #0 netio_dispatch (netio=0x7f7ff7b2a0c0, timeout=<optimized out>, sigmask=0x0)
      at wire/netio.c:250
      #1 0x000000000040df3e in xfrhandler_start (xfrhandler=0x7f7ff7b76090)
      at daemon/xfrhandler.c:133
      #2 0x000000000040e26e in xfrhandler_thread_start (arg=<optimized out>)
      at daemon/engine.c:255
      #3 0x00007f7ff560b3ae in ?? () from /usr/lib/libpthread.so.1
      #4 0x00007f7ff6075e90 in ___lwp_park50 () from /usr/lib/libc.so.12
      #5 0x00007f7ff4400000 in ?? ()
      #6 0x00007f7ff7ff14c0 in ?? ()
      #7 0x0000000111110001 in ?? ()
      #8 0x0000000033330003 in ?? ()
      #9 0x0000000000000000 in ?? ()
      (gdb)

      Looks like either "use after free" or "someone scribbled
      somewhere they should not".
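
An added triage example, not part of the original report or of OpenDNSSEC's code: it takes the two `p` results from the gdb session above and checks each pointer for x86-64 canonical form and for bytes that are all printable ASCII. It assumes a little-endian x86-64 target with 48-bit virtual addresses; the function names are hypothetical.

```python
import re
from typing import Optional

# gdb "print" lines copied from the debug-symbol session in the report.
GDB_OUTPUT = """\
$1 = (netio_handler_type *) 0x7f7fe300b2b8
$2 = (struct timespec *) 0x7522203031203031
"""

def is_canonical(addr: int) -> bool:
    """Assumed x86-64 with 48-bit addressing: bits 63..47 must all be equal."""
    top = addr >> 47
    return top in (0, 0x1FFFF)

def as_text(addr: int) -> Optional[str]:
    """Return the pointer's in-memory bytes as text if all are printable ASCII."""
    raw = addr.to_bytes(8, "little")  # byte order as stored in memory
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None

def triage(gdb_output: str) -> list:
    """Classify every pointer value printed by gdb's `p` command."""
    results = []
    pattern = r"^\$(\d+) = \((.+?)\) (0x[0-9a-fA-F]+)$"
    for m in re.finditer(pattern, gdb_output, re.M):
        addr = int(m.group(3), 16)
        text = as_text(addr)
        if text is not None and not is_canonical(addr):
            verdict = "overwritten with text"
        elif not is_canonical(addr):
            verdict = "non-canonical, corrupted"
        else:
            verdict = "plausible pointer"
        results.append({"var": "$" + m.group(1), "type": m.group(2),
                        "addr": addr, "text": text, "verdict": verdict})
    return results

if __name__ == "__main__":
    for r in triage(GDB_OUTPUT):
        print(f'{r["var"]} {r["addr"]:#018x} {r["verdict"]} {r["text"]!r}')
```

The `timeout` value decodes to the eight characters `10 10 "u`, so the handler structure held string data when `netio_dispatch` dereferenced it; the `handler` pointer itself is a well-formed address.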

            People

            Assignee:
            hodar Hoda Rohani
            Reporter:
            berry Berry van Halderen