[Opendnssec-user] ods-signerd 1.4.0a1 crasher

Matthijs Mekking matthijs at nlnetlabs.nl
Wed May 16 11:45:20 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

Thanks for your report. This happens if I check the rr_count of an
RRset that does not exist. This patch should prevent the crash:

Index: signer/namedb.c
===================================================================
- --- signer/namedb.c	(revision 6296)
+++ signer/namedb.c	(working copy)
@@ -739,7 +739,7 @@
     if (!denial || !db || !db->denials) {
         return NULL;
     }
- -    if (denial->rrset->rr_count) {
+    if (denial->rrset && denial->rrset->rr_count) {
         ods_log_error("[%s] unable to delete denial: denial in use
[#%u]",
             db_str, denial->rrset->rr_count);
         log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);

I have committed it to trunk, r6337. I was not able to trigger the
crash myself, I am guessing this can happen when using NSEC3 with
Opt-Out. Do you have any insights on how you encountered this (e.g.,
what kind of information did you add/remove from the zone, did you try
to sign a faulty zone, ...)?

Best regards,
  Matthijs


On 05/15/2012 02:33 PM, Paul Wouters wrote:
> 
> I managed to get a trace of the ods-signerd crasher:
> 
> (gdb) bt #0  0x000000000041c960 in namedb_del_denial
> (db=0x21d3590, denial=0x7fc1592807c0) at signer/namedb.c:837 #1
> 0x000000000041cd9d in namedb_del_nsec3_trigger (db=0x21d3590, 
> domain=0x7fc19a12daf0, rollback=0) at signer/namedb.c:680 #2
> namedb_del_denial_trigger (db=0x21d3590, domain=0x7fc19a12daf0, 
> rollback=0) at signer/namedb.c:712 #3  0x000000000041d37d in
> namedb_diff (db=0x21d3590, is_ixfr=0) at signer/namedb.c:886 #4
> 0x0000000000406ac0 in adapi_trans_full (zone=0x21d1300) at
> adapter/adapi.c:132 #5  0x0000000000409138 in adfile_read
> (zone=0x21d1300) at adapter/adfile.c:315 #6  0x0000000000421c85 in
> tools_input (zone=0x21d1300) at signer/tools.c:131 #7
> 0x00000000004109ee in worker_perform_task (worker=0x2269c90) at
> daemon/worker.c:340 #8  worker_work (worker=0x2269c90) at
> daemon/worker.c:566 #9  0x0000000000411550 in worker_start
> (worker=0x2269c90) at daemon/worker.c:700 #10 0x000000000040d501 in
> worker_thread_start (arg=<value optimized out>) at
> daemon/engine.c:365 #11 0x00000036efa077f1 in start_thread () from
> /lib64/libpthread.so.0 #12 0x00000036ef2e5ccd in clone () from
> /lib64/libc.so.6 (gdb) f 0 #0  0x000000000041c960 in
> namedb_del_denial (db=0x21d3590, denial=0x7fc1592807c0) at
> signer/namedb.c:837 837         if (denial->rrset->rr_count) { 
> (gdb) p denial->rrset->rr_count Cannot access memory at address
> 0x30
> 
> 
> Full back trace (with not much more):
> 
> 
> in namedb_del_denial (db=0x21d3590, denial=0x7fc1592807c0) at
> signer/namedb.c:837 node = <value optimized out> pnode = <value
> optimized out> pdenial = 0x0 __func__ = "namedb_del_denial" #1
> 0x000000000041cd9d in namedb_del_nsec3_trigger (db=0x21d3590, 
> domain=0x7fc19a12daf0, rollback=0) at signer/namedb.c:680 dstatus =
> <value optimized out> denial = <value optimized out> #2
> namedb_del_denial_trigger (db=0x21d3590, domain=0x7fc19a12daf0, 
> rollback=0) at signer/namedb.c:712 parent = <value optimized out> 
> zone = 0x21d1300 is_deleted = <value optimized out> __func__ =
> "namedb_del_denial_trigger" #3  0x000000000041d37d in namedb_diff
> (db=0x21d3590, is_ixfr=0) at signer/namedb.c:886 node =
> 0x7fc19a12df30 domain = 0x7fc183c63f10 #4  0x0000000000406ac0 in
> adapi_trans_full (zone=0x21d1300) at adapter/adapi.c:132 start = 0 
> end = 0 num_added = 0 #5  0x0000000000409138 in adfile_read
> (zone=0x21d1300) at adapter/adfile.c:315 fd = 0x7fc1592cbb60 adzone
> = 0x21d1300 status = ODS_STATUS_OK #6  0x0000000000421c85 in
> tools_input (zone=0x21d1300) at signer/tools.c:131 status =
> ODS_STATUS_OK start = 1337056810 end = 0 __func__ = "tools_input" 
> #7  0x00000000004109ee in worker_perform_task (worker=0x2269c90) at
> daemon/worker.c:340 when = 1337056810 end = 0 engine = 0x21cc480 
> zone = 0x21d1300 task = 0x21e1df0 status = <value optimized out> 
> never = 31536000 what = TASK_SIGN backup = 0 start = 0 status =
> <value optimized out> never = 31536000 what = TASK_SIGN backup = 0 
> start = 0 #8  worker_work (worker=0x2269c90) at
> daemon/worker.c:566 now = <value optimized out> timeout = <value
> optimized out> engine = <value optimized out> zone = 0x21d1300 
> status = <value optimized out> __func__ = "worker_work" #9
> 0x0000000000411550 in worker_start (worker=0x2269c90) at
> daemon/worker.c:700 __func__ = "worker_start" #10
> 0x000000000040d501 in worker_thread_start (arg=<value optimized
> out>) at daemon/engine.c:365 worker = 0x2269c90 #11
> 0x00000036efa077f1 in start_thread () from /lib64/libpthread.so.0 
> No symbol table info available. #12 0x00000036ef2e5ccd in clone ()
> from /lib64/libc.so.6 No symbol table info available.
> 
> _______________________________________________ Opendnssec-user
> mailing list Opendnssec-user at lists.opendnssec.org 
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPs5NQAAoJEA8yVCPsQCW5uLUH/11KqLQYOp6uHq0QjsDX0/dI
Q534MaJ7jhYn5/aheoCzdn+H2msT1bBeCTgfeEGRgLr3yflrDgsruqBgfJthE7D+
aINFowCI2Hk2BhMTZ7UHA3PkZcIkgBtyg8r16kE8dRzUBSd1472O1mFXB2sfNXfh
ZEbQY9rP8Z2LpoqNiDdw1m7TMnc8XF7dU0WRoCwfwGrKvvd65O1AFNndpaecnfSc
PT8+E6fEjA2QaNYQ58jB9bQTlslztflVrbpylV15wE983AWMNQUUp5Chn+zBHfoc
/qjIG87DMC/So/BEy92FOyYJ12RP84FgruBe5ecFuG0MKsmeU9bfMcEpwaBxzrU=
=YPH4
-----END PGP SIGNATURE-----

More information about the Opendnssec-user mailing list