Ticket #401 (closed segfault: fixed)

Opened 2 years ago

Last modified 2 years ago

Segfault while dnsing irc.choopa.net

Reported by: bryan Owned by: bryan
Priority: blocker Milestone: 1.2.15
Component: dns Version: 1.2.14
Keywords: Cc:

Description (last modified by bryan) (diff)

.gdb-backtrace: 

No symbol table info available.
#5  0x0809b98f in egg_dns_lookup (host=0xbffffb90 "irc.choopa.net",
    timeout=20, callback=0x80e48ba <server_dns_callback>, client_data=0x1)
    at _adns.c:434
        q = (dns_query_t *) 0x0
        i = 2
        cache_id = 3
#6  0x080e4870 in connect_server () at ../server.mod/servmsg.c:1537
        chan = (chanset_t *) 0x0
        x = (server_list *) 0x817b768
        dns_id = 0
        pass = '\0' <repeats 120 times>
        botserver = "irc.choopa.net", '\0' <repeats 309 times>
        newidx = 1
        botserverport = 6667
#7  0x080e7864 in server_secondly () at ../server.mod/server.c:941
No locals.

gdb: 

(gdb) bt
#0  0x0809b98f in egg_dns_lookup (host=0xbffffb90 "irc.choopa.net", timeout=20,
    callback=0x80e48ba <server_dns_callback>, client_data=0x1) at _adns.c:434
#1  0x080e4870 in connect_server () at ../server.mod/servmsg.c:1537
#2  0x080e7864 in server_secondly () at ../server.mod/server.c:941
#3  0x08089b62 in timer_run () at _egg_timer.c:238
#4  0x0808f7c7 in main (argc=2, argv=0xbffffe74) at _main.c:781

(gdb) print cache_id
$11 = 3
(gdb) print cache
$12 = (dns_cache_t *) 0x81adeb0
(gdb) print cache[0]
$13 = {answer = {list = 0x8179fd8, ttl = 0, len = 1}, query = 0x817a2d0 "hub.lordares.net",
  expiretime = 1205367482}
(gdb) print cache[1]
$14 = {answer = {list = 0x81a31b0, ttl = 0, len = 1}, query = 0x81ead78 "efnet.ipv6.xs4all.nl",
  expiretime = 1205418942}
(gdb) print cache[2]
$15 = {answer = {list = 0x8196208, ttl = 0, len = 2}, query = 0x8199a08 "irc.ac.za",
  expiretime = 1205418852}
(gdb) print cache[3]
$16 = {answer = {list = 0x0, ttl = 0, len = 0}, query = 0x81a92a8 "irc.choopa.net",
  expiretime = 1205364367}

Crash on debug line: 

434                     sdprintf("egg_dns_lookup(%s, %d) -> [cached (%ds)] -> %s", host, timeout, cache[cache_id].expiretime - now, cache[cache_id].answer.list[0]);

Change History

Changed 2 years ago by bryan

  • description modified (diff)

Changed 2 years ago by bryan

Recreate:

Set nameserver to no recursion. Dns a host which returns only a CNAME (which isnt handled by adns.c yet) Dns it again, it will fetch the bad result from the cache!

Changed 2 years ago by bryan

  • status changed from new to closed
  • resolution set to fixed

(In [3700]) * Fix segfault from receiving from non-recursive dns servers. (fixes #401)

Changed 2 years ago by bryan

(In [3701]) * Port [3700] to 1.2.15

  • Fix segfault from receiving from non-recursive dns servers. (fixes #401)
Note: See TracTickets for help on using tickets.