[Opendnssec-user] Buffer overflow on ubuntu
Boris Gulay
boris at boressoft.ru
Sat Sep 13 12:39:11 UTC 2025
Hello
I have packaged the latest 2.1/develop branch to my PPA for Ubuntu:
https://launchpad.net/~boresexpress/+archive/ubuntu/opendnssec
It includes the fix for the crash I mentioned earlier in this thread. Works OK
for me on Ubuntu 24.04 noble. Feel free to use it.
Ximon Eighteen via Opendnssec-user wrote on 08.05.2025 10:54:
> Hi Erik,
>
> Both commit 02940f5 and commit 042eaf5 appear to compile correctly when
> applied to both 2.1.12 and 2.1.14. Note however that with commit
> 02940f5, if patching sources from a release tar ball, you will need to
> exclude the testing/ directory when applying the patch as the testing/
> directory is not included in the release tar ball.
>
> I have not tested this further than doing a configure, make and make
> install in a Docker Ubuntu 24.0.2 container based on the instructions
> for building and installing OpenDNSSEC described at
> https://opendnssec.readthedocs.io/en/latest/quickstart/.
>
> We hope to make a release in the coming months though I cannot say
> exactly when that might be.
>
> Ximon
>
> On 8 May 2025, at 08:52, Erik P. Ostlyngen via Opendnssec-user
> <opendnssec-user at lists.opendnssec.org> wrote:
> Hi Ximon,
>
> The fix that you mention seems to be the commit 02940f5 in the
> development branch. Would it be safe for us to apply this commit as a
> patch to the released version 2.1.12 of opendnssec (which we are
> using) or to version 2.1.14? The patch seems to apply well
> syntactically.
>
> Also, I see that Willem Toorop has committed a related fix 042eaf5.
> Would it be safe to add this patch also to the above mentioned
> versions?
>
> Regards,
> Erik Østlyngen
> Norid
>
> On 03.05.2025 20:55, Ximon Eighteen via Opendnssec-user wrote:
> Hi Boris,
> I also see that the issue you describe looks similar to or might
> even be the same issue fixed by
> https://github.com/opendnssec/opendnssec/pull/866.
> That fix has not yet been included in a release of OpenDNSSEC.
> If I recall correctly this is also a case that setting
> _FORTIFY_SOURCE=0 during compilation will work around.
> Ximon
> On 3 May 2025, at 19:46, Ximon Eighteen <ximon at nlnetlabs.nl>
> wrote:
> Hello Boris,
> One possible cause could be the stricter checks enforced on newer
> operating system versions.
> You could try disabling these stricter checks, e.g. by defining
> _FORTIFY_SOURCE=0 when compiling OpenDNSSEC from sources:
> ./configure CFLAGS="-D_FORTIFY_SOURCE=0"
> See https://opendnssec.readthedocs.io/en/latest/quickstart/
> for more complete instructions on building from sources.
> Ximon
> On 3 May 2025, at 16:02, Boris Gulay via Opendnssec-user
> <opendnssec-user at lists.opendnssec.org> wrote:
>
> Hello.
> I'm trying to run OpenDNSSEC from the repo on Ubuntu 24.04. I'm
> starting from scratch with a single simple zone. No matter what
> algorithm I'm using for keys, I'm getting a buffer overflow error
> when the daemon tries to generate the KSK. I've pasted the dump from
> the logs below.
> Is it a known issue? How can I work around it?
> Similar issue on launchpad:
> https://bugs.launchpad.net/ubuntu/+source/opendnssec/+bug/2089834
> May 02 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] zone chubarovo.ru added [policy: default]
> May 02 23:50:45 main ods-enforcerd[2712313]: INFO: The XML in /var/lib/opendnssec/enforcer/zones.xml.update is valid
> May 02 23:50:45 main ods-enforcerd[2712313]: [zone_add_cmd] internal zonelist updated successfully
> May 02 23:50:45 main ods-enforcerd[2712313]: 1 zone(s) found on policy "default"
> May 02 23:50:45 main ods-enforcerd[2712313]: [hsm_key_factory_generate] 1 keys needed for 1 zones covering 31536000 seconds, generating 1 keys for policy default
> May 02 23:50:45 main ods-enforcerd[2712313]: 1 new KSK(s) (2048 bits) need to be created.
> May 02 23:50:45 main ods-enforcerd[2712313]: *** buffer overflow detected ***: terminated
> May 02 23:50:45 main ods-enforcerd[2712313]: Aborted:
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Aborted
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_kill
> May 02 23:50:45 main ods-enforcerd[2712313]: gsignal
> May 02 23:50:45 main ods-enforcerd[2712313]: abort
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: __snprintf_chk
> May 02 23:50:45 main ods-enforcerd[2712313]: hsm_generate_rsa_key
> May 02 23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate
> May 02 23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate_policy
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: :
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump:
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump:
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump:
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump:
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_kill
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump:
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: __select
> May 02 23:50:45 main ods-enforcerd[2712313]: cmdhandler_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: gsignal
> May 02 23:50:45 main ods-enforcerd[2712313]: abort
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: __snprintf_chk
> May 02 23:50:45 main ods-enforcerd[2712313]: hsm_generate_rsa_key
> May 02 23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate
> May 02 23:50:45 main ods-enforcerd[2712313]: hsm_key_factory_generate_policy
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump
> May 02 23:50:45 main ods-enforcerd[2712313]: :
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump
> May 02 23:50:45 main ods-enforcerd[2712313]: :
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump
> May 02 23:50:45 main ods-enforcerd[2712313]: :
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump
> May 02 23:50:45 main ods-enforcerd[2712313]: :
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: pthread_cond_timedwait
> May 02 23:50:45 main ods-enforcerd[2712313]: ods_thread_wait
> May 02 23:50:45 main ods-enforcerd[2712313]: schedule_pop_task
> May 02 23:50:45 main ods-enforcerd[2712313]: worker_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: Threaddump
> May 02 23:50:45 main ods-enforcerd[2712313]: :
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: __select
> May 02 23:50:45 main ods-enforcerd[2712313]: cmdhandler_start
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main ods-enforcerd[2712313]: unknown
> May 02 23:50:45 main systemd[1]: opendnssec-enforcer.service: Main process exited, code=dumped, status=6/ABRT
> May 02 23:50:45 main systemd[1]: opendnssec-enforcer.service: Failed with result 'core-dump'.
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
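
The backtrace quoted above ends in `__snprintf_chk`, the fortified variant of `snprintf` that glibc substitutes when `_FORTIFY_SOURCE` is active. As an added illustration (not code from this thread or from OpenDNSSEC; `model_snprintf_chk` and `hex_encode` are hypothetical names and the size mismatch is a constructed case, not a statement of what the referenced commits change), this C program models that check and shows how a call can abort although no byte lands out of bounds, and why `-D_FORTIFY_SOURCE=0` only silences the mismatch:

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of glibc's __snprintf_chk test: objsize is the destination's real
 * object size as seen by the compiler, maxlen the caller's claimed limit.
 * glibc aborts when maxlen > objsize; this model returns -1 instead. */
static int model_snprintf_chk(char *dst, size_t maxlen, size_t objsize,
                              const char *fmt, ...)
{
    va_list ap;
    int n;
    if (maxlen > objsize)
        return -1; /* real glibc: "*** buffer overflow detected ***" */
    va_start(ap, fmt);
    n = vsnprintf(dst, maxlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Hex-encode id into out. fixed=0 claims the whole buffer on every call even
 * though the pointer has advanced (nothing is written out of bounds);
 * fixed=1 claims only the space left. fortify=0 models _FORTIFY_SOURCE=0.
 * Returns 0, or -1 where a fortified build would abort. */
int hex_encode(const unsigned char *id, size_t len, char *out, size_t outsize,
               int fixed, int fortify)
{
    if (outsize < 2 * len + 1)
        return -1; /* buffer genuinely too small */
    for (size_t i = 0; i < len; i++) {
        size_t left = outsize - 2 * i;             /* bytes really left */
        size_t claim = fixed ? left : 2 * len + 1; /* limit passed in */
        size_t objsize = fortify ? left : SIZE_MAX;
        if (model_snprintf_chk(out + 2 * i, claim, objsize, "%02x", (unsigned)id[i]) < 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    const unsigned char id[4] = {0xde, 0xad, 0xbe, 0xef}; /* constructed */
    char out[9];
    printf("whole-buffer claim, fortified:   %d\n", hex_encode(id, 4, out, sizeof out, 0, 1));
    printf("whole-buffer claim, unfortified: %d\n", hex_encode(id, 4, out, sizeof out, 0, 0));
    printf("remaining-space claim, fortified: %d\n", hex_encode(id, 4, out, sizeof out, 1, 1));
    return 0;
}
```

The unfortified run and the corrected run produce the same bytes; the difference is only whether the claimed length is consistent with the destination, which is what the stricter checks enforce.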