Simon Kelley
2015-11-14 17:56:55 UTC
Thanks for that.
The problem occurs when there's an A (or AAAA) record defined locally
in a hosts file, and then some reply from upstream includes an empty
record for the same name.
The code is supposed to check for a clash between local and upstream,
i.e. different addresses, and if there is one, it handles that
differently to the case where upstream gives the _same_ address as the
local definition. The case that upstream returns "no data" wasn't
handled properly; it should be part of the "clash" code-path, since
hosts files can't define a name to be empty.
Your fix is exactly the right thing to do, and I've committed it to
the git repo.
Cheers,
Simon.
Hi,
dnsmasq 2.73 and 2.75 on OpenWrt CHAOS CALMER (15.05, r46767)
crashes with a NULL dereference when certain domain names are
ttl=45, flags=296) at cache.c:490
else if ((flags & F_IPV6) && (new->flags & F_IPV6) && IN6_ARE_ADDR_EQUAL(&new->addr.addr.addr.addr6, &addr->addr.addr6))
newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags | secflag);
do_bit=<optimized out>, ad_reqd=<optimized out>, bogusanswer=0, cache_secure=0) at forward.c:644
#3 0x0040d864 in reply_query (fd=<optimized out>, family=<optimized out>,
0x00403a3c in main (argc=<optimized out>, argv=<optimized out>) at dnsmasq.c:1004
As a temporary workaround to stop it from crashing I have added a
NULL check, but I'm not sure what the intended behaviour would be
---
./build_dir/target-mips_34kc_uClibc-0.9.33.2/dnsmasq-dhcpv6/dnsmasq-2.
75/src/cache.c
2015-07-30 22:59:07.000000000 +0300 +++
./build_dir/target-mips_34kc_uClibc-0.9.33.2/dnsmasq-nodhcpv6/dnsmasq-
2.75/src/cache.c
record is for an A or AAAA and the record we're trying to insert is
the same, just drop the insert, but don't error the whole process.
*/ - if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD)) +
if ((flags & (F_IPV4 | F_IPV6)) && (flags & F_FORWARD) && addr)
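Review bot: with `&& addr` added to the condition, a NULL addr (the `cache_insert(name, NULL, ..., F_NEG | ...)` call shown in the backtrace) now skips the same-address comparison entirely, and the hunk does not show what the code after this block does with that case. Confirm that the fall-through is the path meant for a record that conflicts with the local one rather than a silent insert, and extend the comment above the test to say that an insert with no address is deliberately excluded from the "same record, just drop the insert" case.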
bbc.112.2o7.net
$ cat /var/etc/dnsmasq.conf
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
local-service
domain=lan
server=/lan/
addn-hosts=/etc/block.hosts
dhcp-leasefile=/tmp/dhcp.leases
resolv-file=/tmp/resolv.conf.auto
stop-dns-rebind
rebind-localhost-ok
rebind-domain-ok=skylable.com
dhcp-broadcast=tag:needs-broadcast
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
dhcp-host=e0:3f:49:a0:6e:d4,192.168.1.2,debian
dhcp-host=64:51:06:22:ad:dd,192.168.1.129,hp
dhcp-range=lan,192.168.1.100,192.168.1.249,255.255.255.0,12h
no-dhcp-interface=pppoe-wan
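The clash check described in the reply above, modelled as an added example in C; it is not dnsmasq's source and not part of the original thread. `struct entry`, `classify_insert`, `demo`, the `X_*` flag values and the sample addresses are invented for illustration; the point is that a "no data" reply (NULL address) must be guarded before the comparison and then treated as a clash with the hosts-file record.

```c
#include <string.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Simplified model, NOT dnsmasq's structures: names and flag values are invented. */
enum { X_IPV4 = 1, X_IPV6 = 2, X_FORWARD = 4, X_NEG = 8 };

struct entry {                        /* record already loaded from a hosts file */
    unsigned flags;
    union { struct in_addr a4; struct in6_addr a6; } addr;
};
enum verdict { INSERT_OK, DROP_SAME, CLASH };

/* addr is NULL when upstream answered "no data" for the name. */
enum verdict classify_insert(const struct entry *local, const void *addr, unsigned flags)
{
    if (local == NULL)
        return INSERT_OK;             /* nothing local to clash with */
    /* Without the trailing "&& addr" the comparisons below would read
       through a NULL pointer on a negative reply. */
    if ((flags & (X_IPV4 | X_IPV6)) && (flags & X_FORWARD) && addr) {
        if ((flags & X_IPV4) && (local->flags & X_IPV4) &&
            memcmp(&local->addr.a4, addr, sizeof(struct in_addr)) == 0)
            return DROP_SAME;         /* upstream agrees with the hosts file */
        if ((flags & X_IPV6) && (local->flags & X_IPV6) &&
            IN6_ARE_ADDR_EQUAL(&local->addr.a6, (const struct in6_addr *)addr))
            return DROP_SAME;
    }
    /* Different address, or none at all: a hosts file cannot define an
       empty name, so "no data" is a clash as well. */
    return CLASH;
}

/* Constructed sample: a hosts-file AAAA entry for ::1 and one upstream reply. */
enum verdict demo(const char *upstream)   /* upstream == NULL means "no data" */
{
    struct entry local = { .flags = X_IPV6 | X_FORWARD };
    struct in6_addr up;
    inet_pton(AF_INET6, "::1", &local.addr.a6);
    if (upstream == NULL)
        return classify_insert(&local, NULL, X_IPV6 | X_FORWARD | X_NEG);
    inet_pton(AF_INET6, upstream, &up);
    return classify_insert(&local, &up, X_IPV6 | X_FORWARD);
}

int main(void)
{
    /* exit status 0 when the "no data" reply is classed as a clash */
    return demo(NULL) == CLASH ? 0 : 1;
}
```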