[ldns-users] Crash in ldns_rr_list_clone caused by illegal ldns_pkt ?

Willem Toorop willem at nlnetlabs.nl
Fri Sep 1 11:26:31 UTC 2017

Op 01-09-17 om 12:03 schreef Lars Rohwedder:
> Hi there,
> I try to find the reasons for a crash in my program using ldns 1.6.17.
> My program calls ldns_pkt_rr_list_by_type() but it seems the packet it
> got is bogus.
> So I looked into the source of ldns and found this code in function
> ldns_resolver_search():
> {
>    ldns_pkt* pkt = NULL;
>    if(function_that_might_fail() != LDNS_STATUS_OK)
>    {
>        ldns_pkt_free( pkt );
>    }
>    return pkt;
> }
> so when the function returns a failure, the pkt is freed, but the
> pointer pkt is not set to NULL, so a pointer to a freed packet (with
> possibly illegal content) is returned, instead of a null pointer.
> I don't know whether this causes the crash I have but it is nevertheless
> a bug in the code, isn't it?

Well... It certainly doesn't look nice.  I see that the intention was
that pkt would be untouched or set to NULL if an error occurred in
function_that_might_fail() (it is passed in by reference).  However,
this style is very susceptible to errors (and maybe there are errors in
function_that_might_fail() already...), so I'll patched it anyway:


-- Willem
> Greetings,
> 		Lars R.
> _______________________________________________
> ldns-users mailing list
> ldns-users at nlnetlabs.nl
> https://open.nlnetlabs.nl/mailman/listinfo/ldns-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 829 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/ldns-users/attachments/20170901/b14e7ab6/attachment.bin>

More information about the ldns-users mailing list