[ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?

Lars Rohwedder roker at pep-project.org
Fri Sep 1 10:03:28 UTC 2017

Hi there,

I try to find the reasons for a crash in my program using ldns 1.6.17.

My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
got is bogus.

So I looked into the source of ldns and found this code in function

   ldns_pkt* pkt = NULL;
   if(function_that_might_fail() != LDNS_STATUS_OK)
       ldns_pkt_free( pkt );
   return pkt;

so when the function returns a failure, the pkt is freed, but the
pointer pkt is not set to NULL, so a pointer to a freed packet (with
possibly illegal content) is returned, instead of a null pointer.

I don't know whether this causes the crash I have but it is nevertheless
a bug in the code, isn't it?


		Lars R.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x88396C78.asc
Type: application/pgp-keys
Size: 3906 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20170901/59ef668d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20170901/59ef668d/attachment-0001.bin>

More information about the ldns-users mailing list