[nsd-users] SIGSEGV in rbtree_find_less_equal
Chris LaVallee
clavallee at edg.io
Wed Oct 16 14:30:35 UTC 2024
Hi Jeroen,
In the case that triggered this crash for us, someone typo-ed nsd.conf by adding the zone "bar.foo.com" (which didn't exist). They meant to add a different zone name.
Chris
________________________________
From: Jeroen Koekkoek <jeroen at nlnetlabs.nl>
Sent: Wednesday, October 16, 2024 3:18 AM
To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl <nsd-users at lists.nlnetlabs.nl>
Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal
Hi Chris,
I've properly started looking into this yesterday. NSD definitely
shouldn't crash, still working on that.
However, the provided zone is invalid too(?) I'm not the foremost
expert on NSEC3 (or even DNSSEC), but it seems an NSEC3 is missing for
bar.foo.com. Empty non-terminals should still have an NSEC3 RR.
(Of course, the delegation point should be at bar.foo.com. too and
a.bar.foo.com. is an occluded name and this situation is purely
hypothetical).
I used the attached zone file along with the following commands to
generate a zone file:
ldns-keygen -a 13 -k foo.com
dnssec-signzone -3 AA61D5A398769C09 -H 0 -S -A -z -o foo.com. foo.com.zone Kfoo.com.+013+58636
Doesn't get me the exact same thing, but good enough to get the
same segfault.
- Jeroen
On Wed, 2024-10-09 at 13:53 +0200, Jeroen Koekkoek via nsd-users wrote:
> Hi Chris,
>
> I can reproduce with your zone. Thanks!
>
> Best,
> Jeroen
>
>
> On Tue, 2024-10-08 at 14:07 +0000, Chris LaVallee wrote:
> >
> > Hi Jeroen,
> >
> >
> > Attached is the zone I used. Did you add the record for a.bar ?
> >
> >
> > Ex:
> >
> >
> > a.bar 300 IN NS ns.somewhere.net.
> >
> >
> > Chris
> >
> >
> > From: Jeroen Koekkoek <jeroen at nlnetlabs.nl>
> > Sent: Tuesday, October 8, 2024 5:33 AM
> > To: Chris LaVallee <clavallee at edg.io>; nsd-users at lists.nlnetlabs.nl
> > <nsd-users at lists.nlnetlabs.nl>
> > Subject: Re: [nsd-users] SIGSEGV in rbtree_find_less_equal
> >
> >
> >
> >
> > Hi Chris,
> >
> > I'm having trouble trying to reproduce the issue locally.
> >
> > Like you I configure two zones.
> >
> > zone:
> >     name: example.com.
> >     zonefile: example.com.zone.signed
> >
> > zone:
> >     name: bar.example.com.
> >     zonefile: bar.example.com.zone
> >
> > The file bar.example.com.zone does not exist. After touching and
> > reloading the signed zone, no segfault occurs. I've tried with and
> > without the "--disable-radix-tree" configure option (as the error
> > occurs in the rbtree). I've also tried with example.com. being an
> > NSEC and NSEC3 zone.
> >
> > Can you provide some more details?
> >
> > Best regards,
> > Jeroen
> >
> >
> >
> >
> > On Wed, 2024-10-02 at 14:57 +0000, Chris LaVallee via nsd-users
> > wrote:
> > >
> > > Hi,
> > >
> > >
> > > I found a reproducible seg fault with a DNSSEC signed zone and
> > > overlapping config. I'm running NSD 4.10.1. Here's how to
> > > reproduce.
> > >
> > >
> > > 2 zones in nsd.conf:
> > >
> > >
> > > zone:
> > >     name: "foo.com."
> > >     zonefile: "/zones/foo.com.zone.signed"
> > >
> > >
> > > zone:
> > >     name: "bar.foo.com."
> > >     zonefile: "/zones/bar.foo.com.zone"
> > >
> > >
> > >
> > >
> > > Zone files:
> > >
> > >
> > > foo.com.zone.signed is DNSSEC signed with a record for a.bar (A
> > > record or anything)
> > > bar.foo.com.zone doesn't exist (but it's in nsd.conf shown
> > > above)
> > >
> > >
> > >
> > >
> > > Steps:
> > > 1) Startup NSD
> > > 2) touch foo.com.zone.signed
> > > 3) reload NSD
> > >
> > >
> > >
> > >
> > > nsd.log will say:
> > > [2024-10-02 07:19:58.691] nsd[962739]: info: control cmd: reload
> > > [2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd: reload closed cmd channel
> > > [2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process 962740 failed, continuing with old database
> > >
> > >
> > > core dump says SIGSEGV in rbtree_find_less_equal
> > >
> > >
> > >
> > >
> > > Chris LaVallee
> > > Edgio (formerly EdgeCast Networks)
> > >
> > >
> > >
> > >
> > > _______________________________________________
> > > nsd-users mailing list
> > > nsd-users at lists.nlnetlabs.nl
> > > https://lists.nlnetlabs.nl/mailman/listinfo/nsd-users
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20241016/0fce8a48/attachment.htm>
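The configuration that triggered the crash in this thread was a zone entry nested under another configured zone, with a zonefile that does not exist. The following pre-reload check for that combination is an added example, not part of the original messages and not NSD code; the function names and the sample configuration are constructed, and the parser assumes inline `zone:` clauses only.

```python
import os
import re

# Constructed sample mirroring the nsd.conf from the report.
SAMPLE_CONF = '''
server:
    zonesdir: "/zones"
zone:
    name: "foo.com."
    zonefile: "/zones/foo.com.zone.signed"
zone:
    name: "bar.foo.com."   # the mistyped entry
    zonefile: "/zones/bar.foo.com.zone"
'''

def parse_zones(conf_text):
    """Return [(name, zonefile)] for inline zone: clauses.
    Simplification: include:, pattern: and %s zonefile macros are not expanded."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"([\w-]+):\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip().strip('"')
        if value == "":                    # start of a clause (server:, zone:, ...)
            current = {} if key == "zone" else None
            if current is not None:
                zones.append(current)
        elif current is not None and key in ("name", "zonefile"):
            current[key] = value
    # Normalise to lowercase with exactly one trailing dot.
    return [(z["name"].lower().rstrip(".") + ".", z.get("zonefile"))
            for z in zones if "name" in z]

def risky_overlaps(conf_text, exists=os.path.isfile):
    """Zones nested under another configured zone whose zonefile is missing."""
    zones = parse_zones(conf_text)
    findings = []
    for child, zonefile in zones:
        parents = [p for p, _ in zones if p != child and child.endswith("." + p)]
        if parents and (zonefile is None or not exists(zonefile)):
            findings.append((child, max(parents, key=len), zonefile))
    return findings

if __name__ == "__main__":
    for child, parent, zonefile in risky_overlaps(SAMPLE_CONF):
        print(f"{child}: nested under {parent}, zonefile {zonefile!r} not found")
```

A secondary zone that has not been transferred yet can also lack its file, so findings are prompts to review the entry rather than proof of a typo.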