#109 Invalid transfer and query policy can crash BIND
Closed: Fixed None Opened 11 years ago by pspacek.

Set the idnsAllowTransfer attribute to "xnone;" and you should see a crash:

25-Feb-2013 16:02:59.444 parser.c:1587: REQUIRE(mapobj != ((void *)0) && mapobj->type->rep == &cfg_rep_map) failed, back trace

Back trace:

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff3ee9700 (LWP 11909)]
0x00007ffff4d82935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64    return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install sssd-client-1.8.6-1.fc17.x86_64
(gdb) bt
#0  0x00007ffff4d82935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff4d840e8 in __GI_abort () at abort.c:91
#2  0x000055555557f77b in assertion_failed (file=0x7ffff738054a "parser.c", line=1587, type=isc_assertiontype_require, 
    cond=0x7ffff73809b0 "mapobj != ((void *)0) && mapobj->type->rep == &cfg_rep_map") at ./main.c:219
#3  0x00007ffff61b7ddd in isc_assertion_failed (file=0x7ffff738054a "parser.c", line=1587, type=isc_assertiontype_require, 
    cond=0x7ffff73809b0 "mapobj != ((void *)0) && mapobj->type->rep == &cfg_rep_map") at assertions.c:57
#4  0x00007ffff737c129 in cfg_map_get (mapobj=0x0, name=0x7ffff737e957 "acl", obj=0x7ffff3ee88e0) at parser.c:1587
#5  0x00007ffff7374e28 in get_acl_def (cctx=0x0, name=0x7ffff7f95268 "xnone", ret=0x7ffff3ee8940) at aclconf.c:109
#6  0x00007ffff7375606 in count_acl_elements (caml=0x7ffff7faf400, cctx=0x0, has_negative=0x0) at aclconf.c:254
#7  0x00007ffff73757bc in cfg_acl_fromconfig (caml=0x7ffff7faf400, cctx=0x0, lctx=0x555555808720, ctx=0x7fffeb3e3dd0, mctx=0x5555557f7250, nest_level=0, 
    target=0x7ffff3ee8b00) at aclconf.c:306
#8  0x00007fffeb0e4579 in acl_from_ldap (mctx=0x5555557f7250, aclstr=0x7fffb00134a0 "xnone;", type=acl_type_transfer, aclp=0x7ffff3ee8b38) at acl.c:498
#9  0x00007fffeb0efb4b in ldap_parse_zoneentry (entry=0x7fffeb3f5dd8, inst=0x7fffeb3db010) at ldap_helper.c:1352
#10 0x00007fffeb0f7ce2 in update_zone (task=0x7ffff7f97010, event=0x7fffeb3fcd90) at ldap_helper.c:3369
#11 0x00007ffff61df4d1 in dispatch (manager=0x7ffff7f84010) at task.c:1116
#12 0x00007ffff61df7e5 in run (uap=0x7ffff7f84010) at task.c:1286
#13 0x00007ffff5b8cd14 in start_thread (arg=0x7ffff3ee9700) at pthread_create.c:309
#14 0x00007ffff4e3e68d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

Apparently, the configuration context can't be NULL at acl.c:498:

CHECK(cfg_acl_fromconfig(aclobj, NULL, dns_lctx, aclctx, mctx, 0, &acl));

The same problem is present in the idnsAllowQuery ACL parser.
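
The failure mode in the back trace, as an added sketch (not code from BIND or bind-dyndb-ldap): an ACL element that is neither an address nor a built-in name needs a named-ACL lookup, and that lookup asserts when there is no configuration context, so a pre-check can turn the bad LDAP value into an error instead of an abort. The function `acl_precheck`, its status codes and the flat-list grammar (addresses and names only, no nested lists or keys) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical status codes for this model. */
typedef enum { ACL_OK, ACL_ERR_SYNTAX, ACL_ERR_UNKNOWN_NAME } acl_status;

/* BIND's built-in ACL names; these resolve without a named-ACL lookup. */
static const char *const builtin_acls[] = { "any", "none", "localhost", "localnets" };

static int is_builtin(const char *tok, size_t len) {
    for (size_t i = 0; i < sizeof builtin_acls / sizeof builtin_acls[0]; i++)
        if (strlen(builtin_acls[i]) == len && memcmp(tok, builtin_acls[i], len) == 0)
            return 1;
    return 0;
}

/* Assumption: an element starting with a digit or containing ':' is an
 * IPv4/IPv6 address or prefix; anything else is treated as a name. */
static int is_address(const char *tok, size_t len) {
    return isdigit((unsigned char)tok[0]) || memchr(tok, ':', len) != NULL;
}

/* Walk the ';'-terminated elements of an ACL string taken from LDAP.
 * have_cctx == 0 models the NULL configuration context at acl.c:498:
 * a name that would need a named-ACL lookup is reported as an error
 * here, before any parser code that asserts on the context can run. */
acl_status acl_precheck(const char *aclstr, int have_cctx) {
    const char *p = aclstr;
    for (;;) {
        while (*p == ' ') p++;
        if (*p == '\0') return ACL_OK;            /* nothing left to check */
        const char *end = strchr(p, ';');
        if (end == NULL) return ACL_ERR_SYNTAX;   /* unterminated element */
        if (*p == '!') p++;                       /* optional negation */
        while (p < end && *p == ' ') p++;
        size_t len = (size_t)(end - p);
        while (len > 0 && p[len - 1] == ' ') len--;
        if (len == 0) return ACL_ERR_SYNTAX;      /* empty element */
        if (!is_address(p, len) && !is_builtin(p, len) && !have_cctx)
            return ACL_ERR_UNKNOWN_NAME;          /* e.g. "xnone" */
        p = end + 1;
    }
}
```

With the value from this ticket, `acl_precheck("xnone;", 0)` returns `ACL_ERR_UNKNOWN_NAME`, which a caller can log and treat as an invalid zone policy.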

Metadata Update from @pspacek:
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 19

7 years ago
