[Opendnssec-user] Buffer overflow on ubuntu
Erik P. Ostlyngen
erik.ostlyngen at norid.no
Thu May 8 06:52:16 UTC 2025
Hi Ximon,
The fix that you mention seems to be the commit 02940f5 in the
development branch. Would it be safe for us to apply this commit as a
patch to the released version 2.1.12 of opendnssec (which we are
using) or to version 2.1.14? The patch seems to apply well syntactically.
Also, I see that Willem Toorop has committed a related fix 042eaf5.
Would it be safe to add this patch also to the above mentioned versions?
Regards,
Erik Østlyngen
Norid
On 03.05.2025 20:55, Ximon Eighteen via Opendnssec-user wrote:
> Hi Boris,
>
> I also see that the issue you describe looks similar to or might
> even be the same issue fixed by
> https://github.com/opendnssec/opendnssec/pull/866
> <https://github.com/opendnssec/opendnssec/pull/866>.
> That fix has not yet been included in a release of OpenDNSEC.
>
> If I recall correctly this is also a case that setting
> _FORTIFY_SOURCE=0 during compilation will workaround.
>
> Ximom
>
>> Op 3 mei 2025 om 19:46 heeft Ximon Eighteen <ximon at nlnetlabs.nl>
>> het volgende geschreven:
>>
>> Hello Boris,
>>
>> One possible cause could be the stricter checks enforced on newer
>> operating system versions.
>>
>> You could try disabling these stricter checks, e.g. by defining
>> _FORTIFY_SOURCE=0 when compiling OpenDNSSEC from sources:
>>
>> ./configure CFLAGS="-D_FORTIFY_SOURCE=0"
>>
>> See https://opendnssec.readthedocs.io/en/latest/quickstart/
>> <https://opendnssec.readthedocs.io/en/latest/quickstart/>
>> for more complete instructions on building from sources.
>>
>> Ximon
>>
>>> Op 3 mei 2025 om 16:02 heeft Boris Gulay via Opendnssec-user
>>> <opendnssec-user at lists.opendnssec.org> het volgende
>>> geschreven:
>>>
>>>
>>>
>>> Hello.
>>>
>>> I'm try to run OpenDNSSEC from repo on Ubuntu 24.04. I'm
>>> starting from scratch with single simple zone. No matter what
>>> algorithm I'm using for keys I'm getting buffer overflow error
>>> when daemon tries to generate KSK. I've past dump from logs
>>> below.
>>>
>>> Is it a known issue? How can I work around it?
>>>
>>> Similar issue on launchpad:
>>> https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834
>>>
>>> <https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834>
>>>
>>>
>>>
>>>
May 02 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] zone
>>> chubarovo.ru added [policy: default] May 02 23:50:45 main
>>> ods-enforcerd[2712313]: INFO: The XML in
>>> /var/lib/opendnssec/enforcer/zones.xml.update is valid May 02
>>> 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] internal
>>> zonelist updated successfully May 02 23:50:45 main
>>> ods-enforcerd[2712313]: 1 zone(s) found on policy "default" May
>>> 02 23:50:45 main ods-enforcerd[2712313]:
>>> [hsm_key_factory_generate] 1 keys needed for 1 zones covering
>>> 31536000 seconds, generating 1 keys for policy default May 02
>>> 23:50:45 main ods-enforcerd[2712313]: 1 new KSK(s) (2048 bits)
>>> need to be created. May 02 23:50:45 main
>>> ods-enforcerd[2712313]: *** buffer overflow detected ***:
>>> terminated May 02 23:50:45 main ods-enforcerd[2712313]:
>>> Aborted: May 02 23:50:45 main ods-enforcerd[2712313]:
>>> unknown May 02 23:50:45 main ods-enforcerd[2712313]: Aborted
>>> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_kill May
>>> 02 23:50:45 main ods-enforcerd[2712313]: gsignal May 02
>>> 23:50:45 main ods-enforcerd[2712313]: abort May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: __snprintf_chk May 02 23:50:45 main
>>> ods-enforcerd[2712313]: hsm_generate_rsa_key May 02 23:50:45
>>> main ods-enforcerd[2712313]: hsm_key_factory_generate May 02
>>> 23:50:45 main ods-enforcerd[2712313]:
>>> hsm_key_factory_generate_policy May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: : May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_kill May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump: May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: __select May 02 23:50:45 main
>>> ods-enforcerd[2712313]: cmdhandler_start May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: gsignal May 02 23:50:45 main
>>> ods-enforcerd[2712313]: abort May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: __snprintf_chk May 02 23:50:45 main
>>> ods-enforcerd[2712313]: hsm_generate_rsa_key May 02 23:50:45
>>> main ods-enforcerd[2712313]: hsm_key_factory_generate May 02
>>> 23:50:45 main ods-enforcerd[2712313]:
>>> hsm_key_factory_generate_policy May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
>>> ods-enforcerd[2712313]: : May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
>>> ods-enforcerd[2712313]: : May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
>>> ods-enforcerd[2712313]: : May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
>>> ods-enforcerd[2712313]: : May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: pthread_cond_timedwait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait May 02
>>> 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task May
>>> 02 23:50:45 main ods-enforcerd[2712313]: worker_start May 02
>>> 23:50:45 main ods-enforcerd[2712313]: unknown May 02 23:50:45
>>> main ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: Threaddump May 02 23:50:45 main
>>> ods-enforcerd[2712313]: : May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: __select May 02 23:50:45 main
>>> ods-enforcerd[2712313]: cmdhandler_start May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> ods-enforcerd[2712313]: unknown May 02 23:50:45 main
>>> systemd[1]: opendnssec-enforcer.service: Main process exited,
>>> code=dumped, status=6/ABRT May 02 23:50:45 main systemd[1]:
>>> opendnssec-enforcer.service: Failed with result 'core-dump'.
>>>
>>> _______________________________________________ Opendnssec-user
>>> mailing list Opendnssec-user at lists.opendnssec.org
>>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>> _______________________________________________ Opendnssec-user
>> mailing list Opendnssec-user at lists.opendnssec.org
>> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>
> _______________________________________________ Opendnssec-user
> mailing list Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
More information about the Opendnssec-user
mailing list