tags: 501800 -moreinfo +confirmed
found: 501800 1:9.5.0.dfsg.P2-1
thank you
> attached you will find 2 files which will reproduce the error on my server.
> The funny thing is, that named crashes, if you use the line:
> allow-update { key ddns; "ADservers"; "lan"; };
> But with
> allow-update { key ddns; "lan"; "ADservers"; };
> it runs. So I can use my old configuration, if I change the order of the
> address list of allow-update. Very strange.
> I hope, you can reproduce the error now.
Indeed I could.
The configuration that I used is:
--- named.conf
include "/etc/bind/named.conf.options";

acl "lan" {
        { 192.168.42.0/24; };
};

acl "ADservers" {
        { 192.168.42.2; 192.168.69.2; 192.168.42.149; };
};

key "ddns" {
        algorithm hmac-md5;
        secret "IVqRBcWBoPU2LhJTFnaJrw==";
};

view "internal" {
        match-clients { 127.0.0.1; "lan"; };
        recursion yes;
        allow-recursion { 127.0.0.1; "lan"; };

        zone "example.com" {
                type master;
                file "/etc/bind/db.local";
                allow-update { key ddns; "ADservers"; "lan"; };
                check-names ignore;
        };
};
---
The SEGV is being produced before logging that the acl is insecure. A pseudo
fix can be made by avoiding the check; the following makes this particular SEGV
disappear:
--- zoneconf.ugly.hack
--- ./bin/named/zoneconf.c 2008-05-21 20:26:11.000000000 -0300
+++ ./bin/named/zoneconf.c.hack 2008-10-18 11:29:52.000000000 -0300
@@ -660,7 +660,7 @@
dns_zone_clearupdateacl));
updateacl = dns_zone_getupdateacl(zone);
- if (updateacl != NULL && dns_acl_isinsecure(updateacl))
+ if (updateacl != NULL && 0 && dns_acl_isinsecure(updateacl))
isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"zone '%s' allows updates by IP "
---
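Review bot: the `0 &&` added to the `updateacl != NULL` condition short-circuits dns_acl_isinsecure() for every zone, so the DNS_LOGCATEGORY_SECURITY warning "zone '%s' allows updates by IP " is never written, including for configurations that do not crash. That is fine as a diagnostic to localise the fault, but it should not ship: keep the original condition and put the guard where the ACL is actually walked, so the insecure-update warning still reaches the log. A comment on the changed line saying it is a temporary debugging bypass would also keep it from being mistaken for a fix.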
Which only confirms that the problem is acl specific. I suspect that some acl
function has a Null pointer (probably inside ./lib/isc/radix.c), but I'm
having some weird problems when I try to debug it.
I compiled bind9 with DEB_BUILD_OPTIONS="noopt debug nostrip" debuild
But when I tried to use gdb I get:
(gdb) break main
Breakpoint 1 at 0x23c58: file ./main.c, line 818.
(gdb) run
Starting program: /usr/sbin/named -f
Warning:
Cannot insert breakpoint 1.
Error accessing memory address 0x23c58: Input/output error.
I couldn't find info about this issue. I'll try debugging with printf and see
if I can find something.
--
Saludos /\/\ /\ >< `/