[ldns-users] Segfault bug in ldns 1.6.17

Calle Dybedahl calle at init.se
Fri Jun 13 09:59:20 UTC 2014


I think I found the problem. At line 1137 in resolver.c, ldns_pkt_free() is
unconditionally called on answer_pkt, but if ldns_wire2pkt() failed
answer_pkt is not pointing at allocated memory. Changing it so that
ldns_pkt_free() is only called if stat is LDNS_STATUS_OK seems to fix the
problem. At least my code doesn't segfault any more if I do that.

/Calle


On 13 June 2014 11:07, Calle Dybedahl <calle at init.se> wrote:

> Hello.
>
> Here's some C code that, at least right now, makes ldns segfault when
> trying to free memory that was never allocated. The server in question does
> send back data that is in some way malformed, so in some way I guess ldns
> is insufficiently paranoid.
>
> I'm trying to look into the problem, but since I'm neither a very good C
> programmer nor very familiar with the ldns internals I'm not proceeding
> very quickly. So I'm hoping someone else will go "Oh, right, that's the
> problem" and fix it right away :-)
>
> /Calle
>
>
>
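The pattern described in the message above, as an added example that is not part of the original post and is not ldns code: a parser that writes its output pointer only on success, and a caller that initialises the pointer to NULL and frees it only when the status is OK. All names here (`wire2pkt`, `pkt_free`, `handle_answer`, `status_t`, `pkt_t`) are hypothetical stand-ins, and the input bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for this sketch; not ldns types or functions. */
typedef enum { ST_OK = 0, ST_MALFORMED, ST_NOMEM } status_t;
typedef struct { uint16_t id; uint16_t qdcount; } pkt_t;
static int live_pkts = 0;            /* counts live allocations so leaks are visible */

/* Constructed sample inputs: a bare 12-byte DNS header and a truncated one. */
static const uint8_t GOOD_WIRE[12] = {0xBE, 0xEF, 0x81, 0x80, 0, 1, 0, 0, 0, 0, 0, 0};
static const uint8_t SHORT_WIRE[5] = {0xBE, 0xEF, 0x81, 0x80, 0};

/* Parser contract as in the report: *out is written ONLY on success. */
status_t wire2pkt(pkt_t **out, const uint8_t *wire, size_t len)
{
    if (len < 12) return ST_MALFORMED;   /* *out is left untouched here */
    pkt_t *p = malloc(sizeof *p);
    if (!p) return ST_NOMEM;
    p->id = (uint16_t)(wire[0] << 8 | wire[1]);
    p->qdcount = (uint16_t)(wire[4] << 8 | wire[5]);
    live_pkts++;
    *out = p;
    return ST_OK;
}

void pkt_free(pkt_t *p) { if (p) { live_pkts--; free(p); } }

/* Hardened caller: the pointer starts as NULL and is freed only after a good parse. */
status_t handle_answer(const uint8_t *wire, size_t len, uint16_t *id_out)
{
    pkt_t *answer = NULL;                /* never pass an indeterminate pointer to free */
    status_t st = wire2pkt(&answer, wire, len);
    if (st == ST_OK) {
        *id_out = answer->id;
        pkt_free(answer);                /* the status guard described in the message */
    }
    return st;
}

int main(void)
{
    uint16_t id = 0;
    status_t ok = handle_answer(GOOD_WIRE, sizeof GOOD_WIRE, &id);
    status_t bad = handle_answer(SHORT_WIRE, sizeof SHORT_WIRE, &id);
    printf("good=%d id=0x%04x bad=%d live=%d\n", ok, (unsigned)id, bad, live_pkts);
    return 0;
}
```

Initialising the pointer to NULL and having the free routine accept NULL are each sufficient on their own; using both means a later refactor that drops the status check still cannot free an indeterminate pointer.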