From roker at pep-project.org Fri Sep 1 10:03:28 2017
From: roker at pep-project.org (Lars Rohwedder)
Date: Fri, 1 Sep 2017 12:03:28 +0200
Subject: [ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?
Message-ID: <09da84ce-a435-09cf-60d8-74d04fc712bb@pep-project.org>

Hi there,

I try to find the reasons for a crash in my program using ldns 1.6.17.

My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
got is bogus.

So I looked into the source of ldns and found this code in function
ldns_resolver_search():

    {
        ldns_pkt* pkt = NULL;
        if(function_that_might_fail() != LDNS_STATUS_OK)
        {
            ldns_pkt_free( pkt );
        }
        return pkt;
    }

so when the function returns a failure, the pkt is freed, but the
pointer pkt is not set to NULL, so a pointer to a freed packet (with
possibly illegal content) is returned, instead of a null pointer.

I don't know whether this causes the crash I have but it is nevertheless
a bug in the code, isn't it?

Greetings,

Lars R.

From willem at nlnetlabs.nl Fri Sep 1 11:26:31 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Fri, 1 Sep 2017 13:26:31 +0200
Subject: [ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?
In-Reply-To: <09da84ce-a435-09cf-60d8-74d04fc712bb@pep-project.org>
References: <09da84ce-a435-09cf-60d8-74d04fc712bb@pep-project.org>
Message-ID: <108337c1-a0fb-d567-a2a3-f8c74dbfd48f@nlnetlabs.nl>

On 01-09-17 at 12:03, Lars Rohwedder wrote:
> Hi there,
>
> I try to find the reasons for a crash in my program using ldns 1.6.17.
>
> My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
> got is bogus.
>
> So I looked into the source of ldns and found this code in function
> ldns_resolver_search():
>
>     {
>         ldns_pkt* pkt = NULL;
>         if(function_that_might_fail() != LDNS_STATUS_OK)
>         {
>             ldns_pkt_free( pkt );
>         }
>         return pkt;
>     }
>
> so when the function returns a failure, the pkt is freed, but the
> pointer pkt is not set to NULL, so a pointer to a freed packet (with
> possibly illegal content) is returned, instead of a null pointer.
>
> I don't know whether this causes the crash I have but it is nevertheless
> a bug in the code, isn't it?

Well... It certainly doesn't look nice. I see that the intention was
that pkt would be untouched or set to NULL if an error occurred in
function_that_might_fail() (it is passed in by reference). However,
this style is very susceptible to errors (and maybe there are errors in
function_that_might_fail() already...), so I've patched it anyway:

  https://git.nlnetlabs.nl/ldns/commit/?id=6167a260

Cheers,
-- Willem

>
> Greetings,
>
> Lars R.

From roker at pep-project.org Fri Sep 8 09:28:11 2017
From: roker at pep-project.org (Lars Rohwedder)
Date: Fri, 8 Sep 2017 11:28:11 +0200
Subject: [ldns-users] https://git.nlnetlabs.nl/ldns/ – Internal Server Error
Message-ID: <096a37e3-3bcd-b2e4-e413-206afc4cf31d@pep-project.org>

I got that for several days. What's going on there? :-(

L.
From willem at nlnetlabs.nl Mon Sep 11 08:00:19 2017
From: willem at nlnetlabs.nl (Willem Toorop)
Date: Mon, 11 Sep 2017 10:00:19 +0200
Subject: [ldns-users] https://git.nlnetlabs.nl/ldns/ – Internal Server Error
In-Reply-To: <096a37e3-3bcd-b2e4-e413-206afc4cf31d@pep-project.org>
References: <096a37e3-3bcd-b2e4-e413-206afc4cf31d@pep-project.org>
Message-ID:

Lars,

Acknowledged. The current setup doesn't seem to be very robust. I'll
try to move the public facing git repo to a known to be stable
environment today.

Sorry about this!

-- Willem

On 08-09-17 at 11:28, Lars Rohwedder wrote:
> I got that for several days. What's going on there? :-(
>
> L.

From jfogel2 at bloomberg.net Tue Sep 19 20:45:42 2017
From: jfogel2 at bloomberg.net (Jason Fogel (BLOOMBERG/ 120 PARK))
Date: Tue, 19 Sep 2017 20:45:42 -0000
Subject: [ldns-users] Writing a DNS AXFR proxy in Python with ldns
Message-ID: <59C181F60219010400390A1B_0_100709@msllnjpmsgsv06>

My scenario is that I'm writing a DNS AXFR proxy in Python, using ldns.
Basically, we want to insert a proxy between our DNS server and various
unreliable hidden master backends. So instead of our server directly
performing AXFR against those hidden masters, it will perform them
against the proxy, which will in turn perform the AXFR against the
hidden master, validate the results in various ways, and send the data
back to our DNS server.
I was able to start a server listening for DNS requests and parse client
AXFR requests. It's easy enough to then perform an AXFR with ldns, which
gives me nice RR objects I can easily validate. However, I'm struggling
to figure out how to then turn those RRs back into something I can send
to the client on the wire via Python's socket interface. I'm sure it has
something to do with converting it to wire format and using struct to
pack it, but I can't quite figure it out. Here's approximately what I
have so far:

    connection, address = socket.accept()
    data = connection.recv(self.buffer_size)

    # I use dnslib here to parse out the zone_name of the AXFR query
    # [...]

    resolver = ldns.ldns_resolver.new_frm_file('resolv.test')
    start_status = resolver.axfr_start(zone_name, ldns.LDNS_RR_CLASS_IN)
    if start_status != ldns.LDNS_STATUS_OK:
        raise Exception("Can't start AXFR. Error: %s" % ldns.ldns_get_errorstr_by_id(start_status))

    # Loop through the RRs as we get them
    while True:
        rr = resolver.axfr_next()
        if not rr:
            # End of AXFR
            break

        # Do various checks to validate the RR
        # [...]

        # Extract the wire data from the rr
        buff = ldns.ldns_buffer(self.buffer_size)
        char_list = []
        rr._ldns_rr.write_to_buffer(buff, 1)
        while buff.remaining() > 0:
            char_list.append(buff.getc())

Using getc() seems to let me pull out the RR in wire format one
character at a time as ASCII code INTs. I can use chr() to convert these
to characters, but after that I'm pretty lost for how to use struct to
convert that to binary data and send it back over the socket. Preferably
I'd like to do this as I receive the data, because some of the zones are
very large (250k+ records) and I don't want to wait until the transfer
has completed to start proxying it back.

Thank you!

- Jason Fogel
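One way to do what the post above asks, as an added example rather than code from the thread or from ldns: turn each RR's getc() integers into bytes, batch the RRs into DNS response messages, and prefix each message with the two-byte length DNS uses over TCP, yielding messages while the upstream transfer is still running. The function names, the 16384-byte flush threshold and the sample records are assumptions made for this example.

```python
import struct

MAX_MSG = 16384  # assumed flush threshold; a TCP DNS message may not exceed 65535


def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(struct.pack("!B", len(l)) + l for l in labels) + b"\x00"


def sample_rr(owner, rtype, rdata, ttl=3600):
    """Constructed sample input: one class-IN RR as the ints getc() returns."""
    fixed = struct.pack("!HHIH", rtype, 1, ttl, len(rdata))
    return list(bytearray(encode_name(owner) + fixed + rdata))


def build_message(query_id, rr_wires, question=b""):
    """Wrap wire-format RRs in one DNS response, prefixed for TCP."""
    flags = 0x8400  # QR=1 (response) and AA=1 (authoritative), RCODE=0
    header = struct.pack("!HHHHHH", query_id, flags,
                         1 if question else 0, len(rr_wires), 0, 0)
    body = header + question + b"".join(rr_wires)
    return struct.pack("!H", len(body)) + body  # two-byte length, RFC 1035 4.2.2


def frame_axfr(query_id, zone_name, rr_iter, max_msg=MAX_MSG):
    """Yield framed response messages while RRs are still arriving."""
    # Question (QNAME, QTYPE=252 AXFR, QCLASS=1 IN) goes in the first message.
    question = encode_name(zone_name) + struct.pack("!HH", 252, 1)
    batch, size = [], 12 + len(question)
    for ints in rr_iter:
        wire = bytes(bytearray(ints))  # getc() integers -> raw bytes, no struct
        if batch and size + len(wire) > max_msg:
            yield build_message(query_id, batch, question)
            question, batch, size = b"", [], 12
        batch.append(wire)
        size += len(wire)
    if batch:
        yield build_message(query_id, batch, question)


if __name__ == "__main__":
    rrs = [sample_rr("example.test", 1, b"\xc0\x00\x02\x01"),
           sample_rr("www.example.test", 1, b"\xc0\x00\x02\x02")]
    for msg in frame_axfr(0x1234, "example.test", rrs):
        # In the proxy this would be connection.sendall(msg)
        print(len(msg), msg[:14].hex())
```

Here query_id is the ID taken from the client's AXFR query, and rr_iter can be a generator wrapping the axfr_next() loop, so each message is passed to connection.sendall() as soon as it fills.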