[Unbound-users] [hannah at schlund.de: Bug#567976: libunbound-dev: libunbound crashes when trying to resolve syntactically invalid domain names]
wouter at NLnetLabs.nl
Thu Feb 11 10:10:18 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
1. Fixed already in the current ldns and unbound packages.
2. This is a bug in ldns, fixed in libldns.
3. But this does work? There is an error from libunbound, not a DNS
error, and this prints out as 'syntax error'.
On 02/01/2010 08:40 PM, Robert Edmonds wrote:
> FYI: a bug report from a user. i have not been able to reproduce the
> ----- Forwarded message from Hannah Schroeter <hannah at schlund.de> -----
> Date: Mon, 01 Feb 2010 16:44:13 +0100
> From: Hannah Schroeter <hannah at schlund.de>
> To: Debian Bug Tracking System <submit at bugs.debian.org>
> Subject: Bug#567976: libunbound-dev: libunbound crashes when trying to resolve syntactically
> invalid domain names
> X-Mailer: reportbug 4.10.2
> Message-ID: <20100201154413.7394.40602.reportbug at c3po.ue.schlund.de>
> Package: libunbound-dev
> Version: 1.0.2-1+lenny1
> Severity: important
> This is in fact a bug with two facets:
> 1. If I try to resolve a domain such as
> (That's *64* times the letter a)
> using ub_resolve_async, libunbound crashes (Segmentation fault in the
> asynchronous resolver thread). This does *not* occur with the
> synchronous API ub_resolve.
> This particular issue seems to be fixed in the more current
> version of libunbound such as that shipped with Debian unstable.
> Maybe it might be warranted to backport a bugfix.
> 2. If I try to resolve a domain such as
> (That's 64 times the letter a in the *last* label of the domain name!),
> libunbound crashes with *both* the asynchronous API ub_resolve_async,
> *and* the synchronous API ub_resolve. So one can reproduce *this*
> problem with unbound-host, too! This issue probably stems from a different
> source than issue 1, namely a missing validation in the underlying
> ldns code. I believe this issue is *not* fixed even in the current
> ldns subversion trunk, as checked now (2010-02-01 16:17 +0100).
> 3. Another issue that's in upstream code is: *If* the upstream library
> checks for syntax correctly (or rather semi-correctly, that is in
> unbound 1.4.1, as included in Debian unstable, which fixed issue 1),
> the caller can't distinguish that error from other errors because
> the error codes aren't exposed in the unbound library interface.
> So the caller can't decide whether the issue was a temporary problem,
> like for example being short of memory, or a permanent problem like
> wrong domain syntax.
> -- System Information:
> Debian Release: squeeze/sid
> APT prefers unstable
> APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Kernel: Linux 2.6.32-trunk-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/bash
> Versions of packages libunbound-dev depends on:
> ii libunbound0 1.0.2-1+lenny1 library implementing DNS resolutio
> libunbound-dev recommends no packages.
> libunbound-dev suggests no packages.
> -- no debconf information
> ----- End forwarded message -----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Unbound-users