Subject: Re: bin/12128: bind-8.2.3 segfault in ns_resp()
To: Simon J. Gerraty <sjg@quick.com.au>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-bugs
Date: 02/04/2001 14:12:37
On Sun, Feb 04, 2001 at 01:04:05AM -0800, Simon J. Gerraty wrote:
> [...]
> >Description:
>
> Just built and installed bind-8.2.3 from the 1.5 branch and it dumps core
> pretty well immediately on startup.
>
> This GDB was configured as "sparc--netbsd"...
> Core was generated by `named'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/libexec/ld.elf_so...done.
> Reading symbols from /usr/lib/libc.so.12...done.
> #0 0x3a2ec in ns_resp (msg=0xeffff360 "Hï¤\200", msglen=28, from={
> sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 53, sin_addr = {
> s_addr = 3474032925}, sin_zero = "\000\000\000\000\000\000\000"},
> qsp=0x0)
> at /u3/NetBSD/1.5.X/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_resp.c:459
> 459 if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr))
> (gdb) p fwd
> $1 = (struct fwdinfo *) 0x0
> (gdb) p from
> $2 = {sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 53, sin_addr = {
> s_addr = 3474032925}, sin_zero = "\000\000\000\000\000\000\000"}
>
> The code at that point looks ok btw:
>
> for (fwd = NS_ZFWDTAB(qp->q_fzone); fwd; fwd = fwd->next)
> if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr))
> break;
>
> we should not reach the if with fwd==NULL
> and in this core file, qp->q_fzone != NULL nor is
> qp->q_fzone->z_fwdtab->fwddata
>
> (gdb) p/x *qp->q_fzone->z_fwdtab
> $18 = {next = 0x41001084, fwddata = 0x3a2ec}
> (gdb) p/x *qp->q_fzone->z_fwdtab->fwddata
> $19 = {fwdaddr = {sin_len = 0xd0, sin_family = 0x0, sin_port = 0x6004,
> sin_addr = {s_addr = 0xd0022004}, sin_zero = {0x80, 0xa2, 0x0, 0x9, 0x2,
> 0x80, 0x0, 0x8}}, ns = 0x53ffffa, nsdata = 0x8410a090,
> ref_count = 0x8400801e}
> (gdb) p/x *qp->q_fzone->z_fwdtab->next
> Cannot access memory at address 0x41001084.
> (gdb)
>
> but qp->q_fzone->z_fwdtab->next is bogus, and since
> the address in qp->q_fzone->z_fwdtab->fwddata does not match from, we go
> to the next entry and die.
>
> named.conf lists two forwarders.
I ran into this as well, with 2 forwarders too. As I didn't find a core dump
I thought it was just something that changed in the way we have to configure
bind, and removed the forwarders because I was short of time. This was on
a sparc too.
Interestingly, this seems to work fine on i386.
--
Manuel Bouyer <bouyer@antioche.eu.org>
--
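The loop quoted in the report trusts every `next` pointer in the forwarder list, so once one entry is overwritten (here `next = 0x41001084`, `fwddata = 0x3a2ec`) the walk dereferences garbage as soon as the first entry does not match `from`. The following is an added example, not BIND code: it models that walk with assumed `struct fwdinfo`/`struct fwddata` layouts named after the fields in the gdb output, builds the two-forwarder table from constructed addresses, and adds a bounded, validating walk (`fwdtab_check`, an illustrative hardening, not a BIND function) that stops after the configured number of entries and rejects an entry whose `fwddata` is NULL or whose `sin_family` is not `AF_INET`, the way the corrupted entry in the core (`sin_family = 0x0`) would be.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Assumed struct layouts, named after the fields visible in the gdb output;
 * they are not BIND's real definitions. */
struct fwddata {
    struct sockaddr_in fwdaddr;   /* address of one forwarder */
    int ref_count;
};
struct fwdinfo {
    struct fwdinfo *next;
    struct fwddata *fwddata;
};

static int ina_equal(struct in_addr a, struct in_addr b)
{
    return a.s_addr == b.s_addr;
}

/* The walk quoted from ns_resp(): every 'next' pointer is trusted. */
struct fwdinfo *find_forwarder(struct fwdinfo *tab, struct sockaddr_in from)
{
    struct fwdinfo *fwd;
    for (fwd = tab; fwd; fwd = fwd->next)
        if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr))
            break;
    return fwd;
}

/* Defensive walk (added here, not BIND's). Returns 1 if the list has at most
 * 'nconf' entries (the number of forwarders in named.conf) and every entry
 * has a non-NULL, AF_INET fwddata; 0 otherwise. The length check runs before
 * the entry is dereferenced, so a bogus 'next' beyond the configured count is
 * never followed. */
int fwdtab_check(const struct fwdinfo *tab, size_t nconf)
{
    size_t n = 0;
    const struct fwdinfo *fwd;
    for (fwd = tab; fwd; fwd = fwd->next) {
        if (++n > nconf)
            return 0;           /* cycle or bogus 'next' */
        if (fwd->fwddata == NULL || fwd->fwddata->fwdaddr.sin_family != AF_INET)
            return 0;           /* garbage where a forwarder should be */
    }
    return 1;
}

/* Constructed sample addresses (made up, not from the report). */
static struct sockaddr_in make_addr(const char *ip)
{
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(53);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Two forwarders, as in the named.conf from the report. */
static void build_sample(struct fwdinfo tab[2], struct fwddata data[2])
{
    data[0].fwdaddr = make_addr("10.0.0.1"); data[0].ref_count = 1;
    data[1].fwdaddr = make_addr("10.0.0.2"); data[1].ref_count = 1;
    tab[0].next = &tab[1]; tab[0].fwddata = &data[0];
    tab[1].next = NULL;    tab[1].fwddata = &data[1];
}

/* Index of the forwarder a response from 'src_ip' matches, or -1. */
int example_lookup(const char *src_ip)
{
    struct fwdinfo tab[2]; struct fwddata data[2];
    struct fwdinfo *hit;
    build_sample(tab, data);
    hit = find_forwarder(tab, make_addr(src_ip));
    return hit ? (int)(hit - tab) : -1;
}

/* fwdtab_check() result for an intact list (0), a list whose last 'next'
 * loops back (1), or a list whose second fwddata has sin_family = 0 (2). */
int example_check(int corruption)
{
    struct fwdinfo tab[2]; struct fwddata data[2];
    build_sample(tab, data);
    if (corruption == 1)
        tab[1].next = &tab[0];           /* walk would never reach NULL */
    if (corruption == 2)
        data[1].fwdaddr.sin_family = 0;  /* like the sin_family = 0x0 entry in the core */
    return fwdtab_check(tab, 2);
}

int main(void)
{
    printf("response from 10.0.0.2 matches forwarder #%d\n", example_lookup("10.0.0.2"));
    printf("response from 192.0.2.9 matches forwarder #%d\n", example_lookup("192.0.2.9"));
    printf("intact ok=%d, cycled ok=%d, garbage ok=%d\n",
           example_check(0), example_check(1), example_check(2));
    return 0;
}
```

The bounded walk only keeps named from chasing a pointer like `0x41001084` into unmapped memory; it does not explain how the entry got overwritten, which is the actual bug to find (note that the `fwddata` value `0x3a2ec` in the core is the same number as the ns_resp PC in frame #0, i.e. a text address, not a heap address).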