bug#22811: adns crash bugfix/patch

Jared Mauch jared at puck.nether.net
Fri Feb 26 01:29:26 GMT 2016


Package: adns


diff --git a/src/types.c b/src/types.c
index d65e155..55bf098 100644
--- a/src/types.c
+++ b/src/types.c
@@ -984,12 +984,13 @@ static int di_hostaddr(adns_state ads,
 }
 
 static void mfp_hostaddr(adns_query qu, adns_rr_hostaddr *rrp) {
-  void *tablev;
+  void *tablev = NULL;
   size_t addrsz= gsz_addr(0, qu->answer->type);
 
   adns__makefinal_str(qu,&rrp->host);
   tablev= rrp->addrs;
-  adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz);
+  if (rrp->naddrs > 0)
+    adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz);
   rrp->addrs= tablev;
 }
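Review bot: With `rrp->naddrs <= 0` the new guard in mfp_hostaddr skips adns__makefinal_block, but `rrp->addrs= tablev;` still writes back the pointer read before the guard, so the finished answer keeps an `addrs` that was never made final next to a count of -1 (the value gdb prints in the trace). Whether that pointer stays valid after the query completes cannot be seen from this hunk, so clearing it would be safer: add `else tablev= NULL;` after the guarded call. The `= NULL` initializer has no effect because `tablev` is assigned from `rrp->addrs` before its first use. A short comment on the guard would record why it exists, e.g. `/* naddrs can be negative; as size_t the product wraps to a huge copy length */`.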
 

This crash occurs when a query comes back with a bogus or semi-bogus answer, e.g.:

(gdb) bt
#0  __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:116
#1  0x00007ff5811c0b68 in memcpy (__len=18446744073709551584, __src=0x25fb6a8, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
#2  adns__makefinal_block (qu=qu at entry=0x2478590, blpp=blpp at entry=0x7ffd2c153db8, sz=18446744073709551584) at ../src/query.c:675
#3  0x00007ff5811bb8ae in mfp_hostaddr (qu=0x2478590, rrp=0x24af8f0) at ../src/types.c:992
#4  0x00007ff5811c0d5c in makefinal_query (qu=0x2478590) at ../src/query.c:593
#5  adns__query_done (qu=0x2478590) at ../src/query.c:646
#6  0x00007ff5811c097a in adns__returning (ads=ads at entry=0x242a010, qu_for_caller=qu_for_caller at entry=0x0) at ../src/query.c:514
#7  0x00007ff5811be988 in adns_processreadable (ads=0x242a010, fd=3, now=0x7ffd2c154148) at ../src/event.c:429
#8  0x00007ff5811bf854 in fd_event (ads=0x242a010, fd=39827112, fd at entry=3, revent=-32, revent at entry=7, pollflag=526672, pollflag at entry=1, maxfd=32917, maxfd at entry=6, fds=0xffffffffffffffe, fds at entry=0x7ffd2c1542d0, 
    func=func at entry=0x7ff5811be7b0 <adns_processreadable>, now=..., r_r=r_r at entry=0x0) at ../src/event.c:519
#9  0x00007ff5811bf94e in adns__fdevents (ads=ads at entry=0x242a010, pollfds=pollfds at entry=0x7ffd2c154210, npollfds=<optimized out>, maxfd=maxfd at entry=6, readfds=readfds at entry=0x7ffd2c1542d0, writefds=writefds at entry=0x7ffd2c154350, 
    exceptfds=exceptfds at entry=0x7ffd2c1543d0, now=..., r_r=r_r at entry=0x0) at ../src/event.c:544
#10 0x00007ff5811bfaa5 in adns_afterselect (ads=0x242a010, maxfd=6, readfds=readfds at entry=0x7ffd2c1542d0, writefds=writefds at entry=0x7ffd2c154350, exceptfds=exceptfds at entry=0x7ffd2c1543d0, now=0x7ffd2c154200, now at entry=0x0) at ../src/event.c:599
#11 0x000000000040166c in main (argc=<optimized out>, argv=<optimized out>) at adh-main.c:268
(gdb) up
#4  0x00007ff5811c0d5c in makefinal_query (qu=0x2478590) at ../src/query.c:593
593	      qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz);
(gdb) up
#5  adns__query_done (qu=0x2478590) at ../src/query.c:646
646	    makefinal_query(qu);
(gdb) print qu
$6 = (adns_query) 0x2478590
(gdb) up
#6  0x00007ff5811c097a in adns__returning (ads=ads at entry=0x242a010, qu_for_caller=qu_for_caller at entry=0x0) at ../src/query.c:514
514	    iq->ctx.callback(parent,iq);
(gdb) print parent
$7 = <optimized out>
(gdb) print iq
$8 = (adns_query) 0x24d8db0
(gdb) down
#5  adns__query_done (qu=0x2478590) at ../src/query.c:646
646	    makefinal_query(qu);
(gdb) down
#4  0x00007ff5811c0d5c in makefinal_query (qu=0x2478590) at ../src/query.c:593
593	      qu->typei->makefinal(qu, ans->rrs.bytes + rrn*ans->rrsz);
(gdb) down
#3  0x00007ff5811bb8ae in mfp_hostaddr (qu=0x2478590, rrp=0x24af8f0) at ../src/types.c:992
992	  adns__makefinal_block(qu, &tablev, rrp->naddrs*addrsz);
(gdb) print rrp->naddrs
$9 = -1






