[nsd-users] [PATCH] nsd-patch: fix segfault after renaming slave zone

Ilya Bakulin Ilya_Bakulin at genua.de
Mon Jul 23 11:58:46 UTC 2012 

Hi all,
we have discovered a segfault in nsd-patch when renaming slave zone in nsd 
config file if some data for this zone still exists in the IXFR diff 
database.
In my case, the zone "black" was renamed to "blackinwhite":
> root at ggd115:/cage/nsd/var/nsd/zones#nsd-patch -c
> /cage/nsd/etc/nsd-dns-slave.conf
> reading database 
> reading updates to database
> [1343043191] nsd-patch[10800]: error: xfr: zone black. not in config.
> [1343043191] nsd-patch[10800]: error: no zone exists
> writing changed zones
> Segmentation fault (core dumped)

The problem is that on line 407 of nsd-patch it tries to printf() a 
message "zone %s had not changed", where %s is zone->opts->name:
>                 for(zone = db->zones; zone; zone = zone->next)
>                 {
>                         if(!force_write && !zone->updated) {
>                                 fprintf(stdout, "zone %s had not
> changed.\n", zone->opts->name);
>                                 continue;
>                         }

zone->opts is filled in in difffile.c around line 675: 
> zone->opts = zone_options_find(opt, domain_dname(zone->apex));
>         if(!zone->opts) {
>                 log_msg(LOG_ERR, "xfr: zone %s not in config.",
>                         dname_to_string(zone_name,0));
>                 return 0;
>         }

As a result, nsd-patch tries to dereference a null pointer when trying to 
print zone name.
I think the proper fix is to move the code that adds zone structure to the 
linked list at the very end of find_zone(). Attached patch fixes the issue 
described above. This patch is for nsd 3.2.11.

Please review and comment if you find it nessesary/useful/awful :-)
--
Best regards,
Ilya Bakulin

genua
Gesellschaft fuer Netzwerk- und Unix-Administration mbH
Domagkstrasse 7, 85551 Kirchheim bei Muenchen
tel +49 89 991950-0, fax -999, www.genua.de
Geschaeftsfuehrer: Dr. Magnus Harlander, Dr. Michaela Harlander,
Bernhard Schneck. Amtsgericht Muenchen HRB 98238
-------------- next part --------------
A non-text attachment was scrubbed...
Name: difffile.c.diff
Type: text/x-diff
Size: 826 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20120723/ebf8fa84/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20120723/ebf8fa84/attachment-0001.bin>

More information about the nsd-users mailing list