Re: [Opendnssec-user] Buffer overflow on ubuntu

Sat, 13 Sep 2025 05:46:27 -0700 

Hello
I have packaged latest 2.1/develop branch to my PPA for ubuntu: https://launchpad.net/~boresexpress/+archive/ubuntu/opendnssec 


It includes fix for crash I've mentioned early in this thread. Works OK 
for me on Ubuntu 24.04 noble. Feel free to use it.


Ximon Eighteen via Opendnssec-user писал(а) 08.05.2025 10:54:


Hi Erik,


Both commit 02940f5 and commit 042eaf5 appear to compile correctly when 
applied to both 2.1.12 and 2.1.14. Note however that with commit 
02940f5, if patching sources from a release tar ball, you will need to 
exclude the testing/ directory when applying the patch as the testing/ 
directory is not included in the release tar ball.



I have not tested this further than doing a configure, make and make 
install in a Docker Ubuntu 24.0.2 container based on the instructions 
for building and installing OpenDNSSEC described at 
https://opendnssec.readthedocs.io/en/latest/quickstart/.



We hope to make a release in the coming months though I cannot say 
exactly when that might be.


Ximon


Op 8 mei 2025, om 08:52 heeft Erik P. Ostlyngen via Opendnssec-user 
<opendnssec-user@lists.opendnssec.org> het volgende geschreven:

Hi Ximon,

The fix that you mention seems to be the commit 02940f5 in the
development branch. Would it be safe for us to apply this commit as a
patch to the released version 2.1.12 of opendnssec (which we are

using) or to version 2.1.14? The patch seems to apply well 
syntactically.


Also, I see that Willem Toorop has committed a related fix 042eaf5.

Would it be safe to add this patch also to the above mentioned 
versions?


Regards,
Erik Østlyngen
Norid

On 03.05.2025 20:55, Ximon Eighteen via Opendnssec-user wrote:
Hi Boris,
I also see that the issue you describe looks similar to or might

even be the same issue fixed by 
https://github.com/opendnssec/opendnssec/pull/866 
<https://github.com/opendnssec/opendnssec/pull/866>.

That fix has not yet been included in a release of OpenDNSEC.

If I recall correctly this is also a case that setting 
_FORTIFY_SOURCE=0 during compilation will workaround.

Ximom
Op 3 mei 2025 om 19:46 heeft Ximon Eighteen <xi...@nlnetlabs.nl>
het volgende geschreven:
Hello Boris,
One possible cause could be the stricter checks enforced on newer
operating system versions.

You could try disabling these stricter checks, e.g. by defining 
_FORTIFY_SOURCE=0 when compiling OpenDNSSEC from sources:

./configure CFLAGS="-D_FORTIFY_SOURCE=0"

See https://opendnssec.readthedocs.io/en/latest/quickstart/ 
<https://opendnssec.readthedocs.io/en/latest/quickstart/>

for more complete instructions on building from sources.
Ximon

Op 3 mei 2025 om 16:02 heeft Boris Gulay via Opendnssec-user 
<opendnssec-user@lists.opendnssec.org> het volgende

geschreven:

Hello.
I'm try to run OpenDNSSEC from repo on Ubuntu 24.04. I'm
starting from scratch with single simple zone. No matter what
algorithm I'm using for keys I'm getting buffer overflow error
when daemon tries to generate KSK. I've past dump from logs
below.
Is it a known issue? How can I work around it?

Similar issue on launchpad: 
https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834

<https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834>

 May 02 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] zone


chubarovo.ru added [policy: default] May 02 23:50:45 main

ods-enforcerd[2712313]: INFO: The XML in 
/var/lib/opendnssec/enforcer/zones.xml.update is valid May 02

23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] internal
zonelist updated successfully May 02 23:50:45 main
ods-enforcerd[2712313]: 1 zone(s) found on policy "default" May

02 23:50:45 main ods-enforcerd[2712313]: [hsm_key_factory_generate] 1 
keys needed for 1 zones covering 31536000 seconds, generating 1 keys 
for policy default May 02

23:50:45 main ods-enforcerd[2712313]: 1 new KSK(s) (2048 bits)
need to be created. May 02 23:50:45 main
ods-enforcerd[2712313]: *** buffer overflow detected ***:
terminated May 02 23:50:45 main ods-enforcerd[2712313]:
Aborted: May 02 23:50:45 main ods-enforcerd[2712313]:

unknown May 02 23:50:45 main ods-enforcerd[2712313]: Aborted May 02 
23:50:45 main ods-enforcerd[2712313]:   pthread_kill May

02 23:50:45 main ods-enforcerd[2712313]:   gsignal May 02
23:50:45 main ods-enforcerd[2712313]:   abort May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   __snprintf_chk May 02 23:50:45 main
ods-enforcerd[2712313]:   hsm_generate_rsa_key May 02 23:50:45
main ods-enforcerd[2712313]:   hsm_key_factory_generate May 02

23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate_policy 
May 02 23:50:45 main

ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: : May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_kill May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   __select May 02 23:50:45 main
ods-enforcerd[2712313]:   cmdhandler_start May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   gsignal May 02 23:50:45 main
ods-enforcerd[2712313]:   abort May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   __snprintf_chk May 02 23:50:45 main
ods-enforcerd[2712313]:   hsm_generate_rsa_key May 02 23:50:45
main ods-enforcerd[2712313]:   hsm_key_factory_generate May 02

23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate_policy 
May 02 23:50:45 main

ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
ods-enforcerd[2712313]: : May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
ods-enforcerd[2712313]: : May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
ods-enforcerd[2712313]: : May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
ods-enforcerd[2712313]: : May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   pthread_cond_timedwait May 02
23:50:45 main ods-enforcerd[2712313]:   ods_thread_wait May 02
23:50:45 main ods-enforcerd[2712313]:   schedule_pop_task May
02 23:50:45 main ods-enforcerd[2712313]:   worker_start May 02
23:50:45 main ods-enforcerd[2712313]:   unknown May 02 23:50:45
main ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
ods-enforcerd[2712313]: : May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   __select May 02 23:50:45 main
ods-enforcerd[2712313]:   cmdhandler_start May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
ods-enforcerd[2712313]:   unknown May 02 23:50:45 main
systemd[1]: opendnssec-enforcer.service: Main process exited,
code=dumped, status=6/ABRT May 02 23:50:45 main systemd[1]:
opendnssec-enforcer.service: Failed with result 'core-dump'.
_______________________________________________ Opendnssec-user

mailing list Opendnssec-user@lists.opendnssec.org 
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user 
_______________________________________________ Opendnssec-user
mailing list Opendnssec-user@lists.opendnssec.org 
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

 _______________________________________________ Opendnssec-user

mailing list Opendnssec-user@lists.opendnssec.org 
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user






















					Reply via email to