Subject: bin/12128: bind-8.2.3 segfault in ns_resp()
To: None <gnats-bugs@gnats.netbsd.org>
From: Simon J. Gerraty <sjg@quick.com.au>
List: netbsd-bugs
Date: 02/04/2001 01:02:20
>Number: 12128
>Category: bin
>Synopsis: bind-8.2.3 from 1.5 branch core dumps in ns_resp()
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Feb 04 01:05:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Simon J. Gerraty
>Release: 1.5.1
>Organization:
Zen Programming...
>Environment:
NetBSD gate 1.5.1_ALPHA NetBSD 1.5.1_ALPHA (GATE) #0: Fri Jan 26 09:26:29 PST 2001 root@gate:/var/obj/GATE sparc
>Description:
Just built and installed bind-8.2.3 from the 1.5 branch and it dumps core
pretty well immediately on startup.
This GDB was configured as "sparc--netbsd"...
Core was generated by `named'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.elf_so...done.
Reading symbols from /usr/lib/libc.so.12...done.
#0 0x3a2ec in ns_resp (msg=0xeffff360 "Hï¤\200", msglen=28, from={
sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 53, sin_addr = {
s_addr = 3474032925}, sin_zero = "\000\000\000\000\000\000\000"},
qsp=0x0)
at /u3/NetBSD/1.5.X/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_resp.c:459
459 if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr))
(gdb) p fwd
$1 = (struct fwdinfo *) 0x0
(gdb) p from
$2 = {sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 53, sin_addr = {
s_addr = 3474032925}, sin_zero = "\000\000\000\000\000\000\000"}
The code at that point looks ok btw:
for (fwd = NS_ZFWDTAB(qp->q_fzone); fwd; fwd = fwd->next)
if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr))
break;
We should not reach the if with fwd==NULL, and in this core file qp->q_fzone != NULL, nor is
qp->q_fzone->z_fwdtab->fwddata.
(gdb) p/x *qp->q_fzone->z_fwdtab
$18 = {next = 0x41001084, fwddata = 0x3a2ec}
(gdb) p/x *qp->q_fzone->z_fwdtab->fwddata
$19 = {fwdaddr = {sin_len = 0xd0, sin_family = 0x0, sin_port = 0x6004,
sin_addr = {s_addr = 0xd0022004}, sin_zero = {0x80, 0xa2, 0x0, 0x9, 0x2,
0x80, 0x0, 0x8}}, ns = 0x53ffffa, nsdata = 0x8410a090,
ref_count = 0x8400801e}
(gdb) p/x *qp->q_fzone->z_fwdtab->next
Cannot access memory at address 0x41001084.
(gdb)
but qp->q_fzone->z_fwdtab->next is bogus, and since
the address in qp->q_fzone->z_fwdtab->fwddata does not match from, we go
to the next entry and die.
named.conf lists two forwarders.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
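Added example (not part of the report above, and not BIND's own code): the loop in ns_resp() is sound for a well-formed list, so the crash described above can only come from a forwarder table that was already corrupt before the walk. The program below models the walk with struct shapes guessed from the gdb output (fwdinfo, fwddata, fwdaddr; the field set and layout are assumptions, not BIND 8's definitions) and adds the check a practitioner would want: a bounded walk that refuses to follow a next pointer outside the pool that owns the table, or an entry with a NULL fwddata, instead of dereferencing it. The addresses and the bogus next value 0x41001084 are taken from the core dump; the two forwarder IPs are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical shapes modeled on the gdb output in the report; these are
 * not BIND 8's actual struct definitions. */
struct fwddata {
    struct sockaddr_in fwdaddr;
    void *ns;
    void *nsdata;
    int ref_count;
};

struct fwdinfo {
    struct fwdinfo *next;
    struct fwddata *fwddata;
};

/* Same shape as the loop at ns_resp.c:459: walk the table and return the entry
 * whose forwarder address matches the responding address, or NULL. Like the
 * original, it trusts every next and fwddata pointer it meets. */
static const struct fwdinfo *find_forwarder(const struct fwdinfo *tab, struct in_addr from)
{
    const struct fwdinfo *fwd;
    for (fwd = tab; fwd != NULL; fwd = fwd->next)
        if (fwd->fwddata->fwdaddr.sin_addr.s_addr == from.s_addr)
            return fwd;
    return NULL;
}

/* Defensive walk run before trusting a table: every entry must lie inside the
 * pool that owns it (and on an entry boundary), carry a non-NULL fwddata, and
 * the list must end within `max` hops. Returns the entry count, or -1 on the
 * first suspect pointer without dereferencing it. */
static int fwdtab_validate(const struct fwdinfo *tab, const struct fwdinfo *pool,
                           size_t npool, int max)
{
    int n = 0;
    const struct fwdinfo *fwd = tab;
    while (fwd != NULL) {
        uintptr_t p = (uintptr_t)fwd, lo = (uintptr_t)pool, hi = (uintptr_t)(pool + npool);
        if (n >= max)
            return -1;                                   /* cycle or runaway list */
        if (p < lo || p >= hi || (p - lo) % sizeof *pool != 0)
            return -1;                                   /* next points outside our pool */
        if (fwd->fwddata == NULL)
            return -1;                                   /* entry never filled in */
        n++;
        fwd = fwd->next;
    }
    return n;
}

/* Constructed sample: two forwarders, as in the reporter's named.conf. */
static void build_table(struct fwdinfo pool[2], struct fwddata data[2])
{
    memset(pool, 0, 2 * sizeof *pool);
    memset(data, 0, 2 * sizeof *data);
    for (int i = 0; i < 2; i++) {
        data[i].fwdaddr.sin_family = AF_INET;
        data[i].fwdaddr.sin_port = htons(53);
        data[i].fwdaddr.sin_addr.s_addr = htonl(0xC0A80001u + i); /* 192.168.0.1, .2 (constructed) */
        pool[i].fwddata = &data[i];
        pool[i].next = (i + 1 < 2) ? &pool[i + 1] : NULL;
    }
}

/* Well-formed table: validation counts both entries and the lookup finds the second. */
int demo_well_formed(void)
{
    struct fwdinfo pool[2];
    struct fwddata data[2];
    build_table(pool, data);
    struct in_addr from = { .s_addr = htonl(0xC0A80002u) };
    return fwdtab_validate(pool, pool, 2, 16) == 2 && find_forwarder(pool, from) == &pool[1];
}

/* Corrupted table: the first entry's next is the bogus pointer seen in the core
 * dump. find_forwarder() would chase it on a non-matching address, exactly as
 * ns_resp() did; the validator reports -1 instead. */
int demo_corrupted(void)
{
    struct fwdinfo pool[2];
    struct fwddata data[2];
    build_table(pool, data);
    pool[0].next = (struct fwdinfo *)(uintptr_t)0x41001084; /* value from the report */
    return fwdtab_validate(pool, pool, 2, 16);
}

int main(void)
{
    printf("well-formed table ok: %d\n", demo_well_formed());   /* 1 */
    printf("corrupted table validate: %d\n", demo_corrupted()); /* -1 */
    return 0;
}
```

The membership check is the only one that would have caught this particular core: 0x41001084 is word-aligned, so an alignment test alone passes it, and the garbage seen in *fwddata (a code address in fwddata, 0x53ffffa in ns) shows the fault lies in whatever wrote the table, not in the walk.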