[ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?
Lars Rohwedder
roker at pep-project.org
Fri Sep 1 10:03:28 UTC 2017
Hi there,
I try to find the reasons for a crash in my program using ldns 1.6.17.
My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
got is bogus.
So I looked into the source of ldns and found this code in function
ldns_resolver_search():
{
ldns_pkt* pkt = NULL;
if(function_that_might_fail() != LDNS_STATUS_OK)
{
ldns_pkt_free( pkt );
}
return pkt;
}
so when the function returns a failure, the pkt is freed, but the
pointer pkt is not set to NULL, so a pointer to a freed packet (with
possibly illegal content) is returned, instead of a null pointer.
I don't know whether this causes the crash I have but it is nevertheless
a bug in the code, isn't it?
Greetings,
Lars R.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x88396C78.asc
Type: application/pgp-keys
Size: 3906 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20170901/59ef668d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20170901/59ef668d/attachment-0001.bin>
More information about the ldns-users
mailing list