Segfault when parsing a bad CAA resource record #149

I am using Zonemaster::LDNS version 2.2.2 with libldns-1.7.0 on Ubuntu 20.04 LTS (with WSL).
During fuzz testing, I noticed that Zonemaster::LDNS would sometimes segfault, even when PR #136 is merged (locally). After some searching, I managed to reproduce it consistently when feeding Zonemaster::LDNS a bad CAA resource record; more specifically, an A record whose type code is changed from 1 to 257 with a random bit flip.
Below is a minimal script that causes the crash:
And here is the accompanying GDB output:

Comments

Better yet, here's a one-liner. Expected behavior is no output; instead the following prints:

    perl -MZonemaster::LDNS -e 'Zonemaster::LDNS::RR->new("bad-caa.example. IN CAA \\# 4 C0000202")'

The segfault also happens when using the internal ldns library.

Add a unit test in packet.t and another one in rr.t to reproduce the segfaults I observed. See also issue zonemaster#149.

Here's a data file containing (manually) corrupted A records: corrupted-a.txt This data file is a better test because it gets closer to how I originally discovered the bug. And when I load it in
gdb yields a different backtrace:
So there are really two variants of the same issue here. I'm addressing both in a pull request soon to come.

Fix unsafe string manipulations in XS code

Resolved by #153
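An added example, not code from Zonemaster::LDNS, ldns or PR #153, showing what parsing CAA RDATA looks like when every length is checked before it is used. The 4-byte RDATA in the one-liner above, C0 00 02 02, is the A record 192.0.2.2 (type 1 to 257 is a single bit); read as CAA it has FLAGS 0xC0 and a tag length of 0, and the same kind of corruption also yields tag lengths larger than the remaining RDATA, which is the input that hurts any parser that trusts the length byte and copies from it. The function names (caa_parse, caa_to_text), the status codes and every sample record other than the one taken from the issue are my own.

```c
/* Bounds-checked CAA RDATA parser and printer (RFC 8659, section 4.1).
 * Added example, not code from Zonemaster::LDNS or ldns.
 * Wire layout: FLAGS (1 octet) | TAG LENGTH (1 octet) | TAG | VALUE (rest of RDATA). */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum caa_status { CAA_OK = 0, CAA_ERR_TRUNCATED = 1, CAA_ERR_TAG = 2 };

struct caa_rr {
    uint8_t flags, tag_len;
    const uint8_t *tag;    /* points into the wire buffer; not NUL-terminated */
    const uint8_t *value;  /* points into the wire buffer; may be empty */
    size_t value_len;
};

/* Every length is checked against rdlen before it is used, so a tag length larger
 * than the remaining RDATA is rejected instead of becoming a read or copy length. */
enum caa_status caa_parse(const uint8_t *rdata, size_t rdlen, struct caa_rr *out)
{
    if (rdlen < 2)
        return CAA_ERR_TRUNCATED;       /* need FLAGS and TAG LENGTH */
    uint8_t tag_len = rdata[1];
    if (tag_len == 0)
        return CAA_ERR_TAG;             /* RFC 8659: tag length must be at least 1 */
    if ((size_t)tag_len > rdlen - 2)
        return CAA_ERR_TRUNCATED;       /* tag would run past the end of RDATA */
    for (size_t i = 0; i < tag_len; i++)
        if (!isalnum(rdata[2 + i]))
            return CAA_ERR_TAG;         /* tag is US-ASCII letters and digits only */
    out->flags = rdata[0];
    out->tag_len = tag_len;
    out->tag = rdata + 2;
    out->value = rdata + 2 + tag_len;
    out->value_len = rdlen - 2 - tag_len;
    return CAA_OK;
}

/* Append bytes, counting them even when the buffer is full so the caller learns the
 * size a retry needs; the last byte of the buffer is reserved for the NUL. */
static void put(char *out, size_t outlen, size_t *pos, const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++, (*pos)++)
        if (outlen > 0 && *pos < outlen - 1)
            out[*pos] = s[i];
}

/* Render `FLAGS TAG "VALUE"`. Returns the length the full text needs (without the
 * NUL), like snprintf; never writes past outlen and NUL-terminates when outlen > 0.
 * Quotes and backslashes in the value are escaped and other non-printable bytes are
 * emitted as \DDD, so no raw wire byte can act as a delimiter in the output. */
size_t caa_to_text(const struct caa_rr *rr, char *out, size_t outlen)
{
    char esc[8];
    size_t pos = 0;
    int n = snprintf(esc, sizeof esc, "%u ", (unsigned)rr->flags);
    put(out, outlen, &pos, esc, (size_t)n);
    put(out, outlen, &pos, (const char *)rr->tag, rr->tag_len);
    put(out, outlen, &pos, " \"", 2);
    for (size_t i = 0; i < rr->value_len; i++) {
        uint8_t b = rr->value[i];
        if (b == '"' || b == '\\') {
            esc[0] = '\\'; esc[1] = (char)b;
            put(out, outlen, &pos, esc, 2);
        } else if (b < 0x20 || b > 0x7e) {
            n = snprintf(esc, sizeof esc, "\\%03u", (unsigned)b);
            put(out, outlen, &pos, esc, (size_t)n);
        } else {
            put(out, outlen, &pos, (const char *)&b, 1);
        }
    }
    put(out, outlen, &pos, "\"", 1);
    if (outlen > 0)
        out[pos < outlen ? pos : outlen - 1] = '\0';
    return pos;
}

int main(void)
{
    /* Constructed inputs. from_issue is the 4-byte RDATA from the one-liner above (the
     * A record 192.0.2.2 with its type rewritten to 257); the rest are the shapes a
     * fuzzer produces by varying the two length fields. */
    static const uint8_t from_issue[]   = { 0xC0, 0x00, 0x02, 0x02 };
    static const uint8_t valid[]        = { 0x00, 0x05, 'i','s','s','u','e',
                                            'c','a','.','e','x','a','m','p','l','e' };
    static const uint8_t overlong_tag[] = { 0x00, 0x05, 'i','s','s' };
    static const uint8_t control_byte[] = { 0x00, 0x01, 'x', 0x02 };
    const struct { const char *name; const uint8_t *rdata; size_t rdlen; } cases[] = {
        { "from issue (tag length 0)", from_issue,   sizeof from_issue },
        { "valid record",              valid,        sizeof valid },
        { "tag length past end",       overlong_tag, sizeof overlong_tag },
        { "control byte in value",     control_byte, sizeof control_byte },
    };
    static const char *status_name[] = { "ok", "truncated", "bad tag" };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct caa_rr rr;
        char text[128] = "";
        enum caa_status st = caa_parse(cases[i].rdata, cases[i].rdlen, &rr);
        if (st == CAA_OK)
            caa_to_text(&rr, text, sizeof text);
        printf("%-26s -> %-9s %s\n", cases[i].name, status_name[st], text);
    }
    return 0;
}
```

Build with `cc -std=c99 -Wall -o caa caa.c && ./caa`. The record from the issue and the over-long tag both come back as an error code rather than a read past the end of the buffer, and the printer never needs the tag or value to be NUL-terminated, which is the property that goes missing when wire bytes are handed to C string functions.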