[Opendnssec-user] Segmentation fault on nsec3er

Sebastian Castro sebastian at nzrs.net.nz
Fri Aug 28 04:55:25 UTC 2009 

Hi:

I'm testing opendnssec with a large delegation-only zone and when the
signer_engine starts is able to read and sort the zone

---------------------------------
Aug 28 16:19:48 klendathu OpenDNSSEC signer engine: Run command:
'/usr/local/opendnssec/libexec/opendnssec/zone_reader -o co.nz -w
/var/opendnssec/tmp/co.nz.sorted -n -s A83DE24E998437D2 -t 5 -a 1'
Aug 28 16:19:48 klendathu OpenDNSSEC signer engine: Writing file to
zone_reader: /var/opendnssec/unsigned/co.nz.zone
Aug 28 16:20:13 klendathu OpenDNSSEC signer engine: Done sorting

---------------------------------

but when it's time to generate the NSEC3 records, nsec3er fails due to a
Segmentation Fault error

---------------------------------
Aug 28 16:20:13 klendathu OpenDNSSEC signer engine: NSEC(3)ing zone: co.nz
Aug 28 16:20:13 klendathu OpenDNSSEC signer engine: Run command:
'/usr/local/opendnssec/libexec/opendnssec/nsec3er -o co.nz -s
A83DE24E998437D2 -t 5 -a 1 -i /var/opendnssec/tmp/co.nz.sorted -w
/var/opendnssec/tmp/co.nz.nsecced'
Aug 28 16:20:13 klendathu OpenDNSSEC signer engine: stderr from nseccer:
*** glibc detected *** /usr/local/opendnssec/libexec/opendnssec/nsec3er:
free(): invalid pointer: 0x00000000019032a0 ***
---------------------------------

I was able to rerun the same command line using a debugger (gdb) in
order to get more meaningful data

---------------------------------
Program received signal SIGABRT, Aborted.
0x00007fdecd4cafb5 in raise () from /lib/libc.so.6
(gdb) bt
#0  0x00007fdecd4cafb5 in raise () from /lib/libc.so.6
#1  0x00007fdecd4ccbc3 in abort () from /lib/libc.so.6
#2  0x00007fdecd50a228 in ?? () from /lib/libc.so.6
#3  0x00007fdecd50fcb8 in ?? () from /lib/libc.so.6
#4  0x00007fdecd512276 in free () from /lib/libc.so.6
#5  0x00007fdece328378 in ldns_rr_free (rr=0xb615c0) at rr.c:73
#6  0x00000000004020a6 in create_nsec3_records (input_file=0x72f090,
    out_file=0x72f2d0, origin=0x72f030, n3p=0x72f010, soa_min_ttl=0)
    at nsec3er.c:422
#7  0x0000000000402891 in main (argc=13, argv=0x7fffd697ff38) at
nsec3er.c:615

(gdb) fram 5
#5  0x00007fdece328378 in ldns_rr_free (rr=0xb615c0) at rr.c:73
73				ldns_rdf_deep_free(ldns_rr_owner(rr));
(gdb) p rr
$1 = (ldns_rr *) 0xb615c0
(gdb) p *rr
$2 = {_owner = 0xb602a0, _ttl = 3600, _rd_count = 0,
  _rr_type = LDNS_RR_TYPE_NS, _rr_class = LDNS_RR_CLASS_IN,
  _rdata_fields = 0x0}
(gdb) fram 6
#6  0x00000000004020a6 in create_nsec3_records (input_file=0x72f090,
    out_file=0x72f2d0, origin=0x72f030, n3p=0x72f010, soa_min_ttl=0)
    at nsec3er.c:422
422					ldns_rr_free(rr);

---------------------------------

I assume the SEGFAULT error comes from freeing _rdata_fields which in
this case is 0x0 (NULL).

After checking the code for create_nsec3_records, I assume it was an
input error from the file being used that created a truncated rr. The
culprit line looks like

----------------------------------
(gdb) p line
$2 =
"?/\035\002\000\000\000\000yregionalcouncil.co.nz.\t86400\tIN\tNS\tns1.fabulous.com.\000m.au.\000.\000m-for.info.\000\000\000.\000fo.\000o.",
'\0' <repeats 60732 times>,
"\025??c?\177\000\000\000\000\000\000\000\000\000\000??\033d?\177\000\000N\210\205b?\177\000\000\024K?c?\177",
'\0' <repeats 66 times>, "\001", '\0' <repeats 135 times>,
"\025??c?\177\000\000\000\000\000\000\000\000\000\000??\033d?\177\000\000???b?\177\000\000\024K?c?\177",
'\0' <repeats 66 times>...
(gdb) p pre_count
$3 = 65541
---------------------------------

Although if I go to the line 65541 on the input file, it looks perfectly
fine (and checking it with named-checkzone doesn't give any format error).


Any suggestions how to debug the problem? Install a version of ldns from
 source to enable the debugging?

Cheers
Sebastian Castro

More information about the Opendnssec-user mailing list