This appears to not be as big a problem as it might have seemed, based
on the original report.
-------------------------------------------
From: Jonas Thambert <[EMAIL PROTECTED]>
I wasn't able to replicate this error on a
fully patched RH 7.0 with BIND 9.1.0.
----------------------------------------------
From: Stephen Clouse <[EMAIL PROTECTED]>
No effect on bind-9.1.0 built from source on linux (slackware-7.0, kernel
2.4.0).
-------------------------------------------
From: Ian Gulliver <[EMAIL PROTECTED]>
I can't reproduce this using bind 9.1.0 on Linux 2.2.16/glibc 2.1.3 against
nmap 2.54BETA1. The source line listed would trigger if a socket family
other than AF_INET or AF_INET6 was being used. A quick grep through the
nmap source, however, shows nothing other than AF_INET passed to socket().
------------------------------------------------
From: "Smith, John" <[EMAIL PROTECTED]>
I cannot duplicate this with Bind 9.1.0 running on a Solaris 7 box.
The Bind install is plain vanilla (configure, make, make install).
------------------------------------------------
From: Phil Brutsche <[EMAIL PROTECTED]>
I haven't been able to reproduce this so far.
I'm using BIND 9.1.0 on Debian "potato", with Linux kernel 2.4.0, and nmap
2.53 to scan the server.
Hrm... looking at the source, I think there may be other issues with your
crash. From lib/isc/netaddr.c (offending INSIST(0) is underlined):
void
isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) {
        int family = s->type.sa.sa_family;
        t->family = family;
        switch (family) {
        case AF_INET:
                t->type.in = s->type.sin.sin_addr;
                break;
        case AF_INET6:
                memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
                break;
        default:
                INSIST(0);
                ^^^^^^^^^
        }
}
------------------------------------------
From: Lucian Hudin <[EMAIL PROTECTED]>
The "problem" lies in file netaddr.c in bind 9.1.0, line 231, with
"INSIST(0);".
This is not a bug, imho. You can compile named without asserts
(#define ISC_CHECK_NONE in include/isc/assertions.h).
void
isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) {
        int family = s->type.sa.sa_family;
        t->family = family;
        switch (family) {
        case AF_INET:
                t->type.in = s->type.sin.sin_addr;
                break;
        case AF_INET6:
                memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
                break;
        default:
                INSIST(0);
        }
}
Searching for INSIST in the source code tree also reveals this,
in "bin/tests/system/resolver/tests.sh":
        # If the server has the "INSIST(!external)" bug, this query will kill it.
        $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
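
Added example, not part of the thread and not BIND code: the same address-family switch written so that an unexpected family is reported to the caller instead of hitting an assertion. In the function as quoted, compiling INSIST out would leave the default case setting t->family while t->type stays unset. The type netaddr_t and both function names are hypothetical stand-ins, and the sample sockaddr is constructed.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Hypothetical stand-in for isc_netaddr_t; not the ISC definition. */
typedef struct {
    int family;
    union {
        struct in_addr  in;
        struct in6_addr in6;
    } type;
} netaddr_t;

/*
 * Same switch as the function quoted in the thread, but the default
 * case returns an error instead of asserting.
 * Returns 0 on success, -1 if the family is not AF_INET or AF_INET6.
 * On failure *t is zeroed and its family is AF_UNSPEC, so a caller
 * that ignores the return value never reads a half-filled address.
 */
int netaddr_fromsockaddr_checked(netaddr_t *t, const struct sockaddr *s) {
    memset(t, 0, sizeof(*t));
    t->family = AF_UNSPEC;
    switch (s->sa_family) {
    case AF_INET:
        t->type.in = ((const struct sockaddr_in *)s)->sin_addr;
        break;
    case AF_INET6:
        memcpy(&t->type.in6, &((const struct sockaddr_in6 *)s)->sin6_addr, 16);
        break;
    default:
        return -1;  /* caller can log and drop; the process keeps running */
    }
    t->family = s->sa_family;
    return 0;
}

/* Constructed sample input: build a sockaddr of the given family, convert it. */
int convert_sample(int family, netaddr_t *out) {
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof(ss));
    ss.ss_family = (sa_family_t)family;
    if (family == AF_INET)  /* 10.53.0.1, the address used in tests.sh above */
        ((struct sockaddr_in *)&ss)->sin_addr.s_addr = htonl(0x0A350001);
    return netaddr_fromsockaddr_checked(out, (const struct sockaddr *)&ss);
}
```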