[ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?
Willem Toorop
willem at nlnetlabs.nl
Fri Sep 1 11:26:31 UTC 2017
Op 01-09-17 om 12:03 schreef Lars Rohwedder:
> Hi there,
>
> I try to find the reasons for a crash in my program using ldns 1.6.17.
>
> My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
> got is bogus.
>
> So I looked into the source of ldns and found this code in function
> ldns_resolver_search():
>
> {
>     ldns_pkt* pkt = NULL;
>     if(function_that_might_fail() != LDNS_STATUS_OK)
>     {
>         ldns_pkt_free( pkt );
>     }
>     return pkt;
> }
>
> so when the function returns a failure, the pkt is freed, but the
> pointer pkt is not set to NULL, so a pointer to a freed packet (with
> possibly illegal content) is returned, instead of a null pointer.
>
> I don't know whether this causes the crash I have but it is nevertheless
> a bug in the code, isn't it?
Well... It certainly doesn't look nice. I see that the intention was
that pkt would be untouched or set to NULL if an error occurred in
function_that_might_fail() (it is passed in by reference). However,
this style is very susceptible to errors (and maybe there are errors in
function_that_might_fail() already...), so I've patched it anyway:
https://git.nlnetlabs.nl/ldns/commit/?id=6167a260
Cheers,
-- Willem
>
> Greetings,
>
> Lars R.
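
The free-then-return pattern discussed in this thread, next to one hardened form, as an added example (not ldns code and not the content of the linked commit). The types, the one-slot pool, and send_query() are constructed stand-ins; the pool replaces malloc/free so the freed state can be inspected without undefined behaviour.

```c
#include <stddef.h>

/* Constructed stand-ins for ldns_pkt / ldns_status; not ldns code. */
typedef enum { ST_OK, ST_ERR } status;
typedef struct { int live; int answer_count; } pkt;

/* One-slot static pool so the "freed" state can be inspected safely. */
static pkt pool_slot;

static pkt *pkt_new(void)
{
    pool_slot.live = 1;
    pool_slot.answer_count = 0;
    return &pool_slot;
}
static void pkt_free(pkt *p) { if (p) p->live = 0; }

/* Hypothetical callee: hands out a packet through the out-parameter and
 * may still report failure afterwards, leaving *out set. */
static status send_query(pkt **out, int fail_late)
{
    *out = pkt_new();
    if (fail_late)
        return ST_ERR;          /* *out still points at the packet */
    (*out)->answer_count = 1;
    return ST_OK;
}

/* Pattern from the thread: freed on error, pointer returned anyway. */
pkt *search_unsafe(int fail_late)
{
    pkt *p = NULL;
    if (send_query(&p, fail_late) != ST_OK)
        pkt_free(p);
    return p;                   /* dangling on the error path */
}

/* Hardened: the error path clears the pointer, so callers get NULL. */
pkt *search_safe(int fail_late)
{
    pkt *p = NULL;
    if (send_query(&p, fail_late) != ST_OK) {
        pkt_free(p);
        p = NULL;
    }
    return p;
}

/* A non-NULL return does not prove the packet is still valid. */
int is_dangling(const pkt *p) { return p != NULL && !p->live; }
```

With a real allocator the caller cannot run a check like is_dangling(); a NULL test passes on the stale pointer and the next access is a use-after-free.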