[Bro-Dev] [JIRA] (BIT-1387) segfault in nb_dns.cc when nameserver is not reachable

Thu Apr 23 07:17:00 PDT 2015

Frank Meier created BIT-1387:
--------------------------------

             Summary: segfault in nb_dns.cc when nameserver is not reachable
                 Key: BIT-1387
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1387
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: 2.3, git/master
         Environment: Ubuntu 14.10 and Debian Minimal 7.8
            Reporter: Frank Meier


The segfault happens, if a nameserver is set in /etc/resolv.conf, but the network
of the nameserver is not reachable: 

$ cat /etc/resolv.conf 
nameserver 192.168.1.1
$ cat dns.bro 
event bro_init() {
	when ( local result = lookup_hostname("example.com") ) {
	}
}
$ bro -v
bro version 2.3-793
$ bro dns.bro
warning in /home/franky/bro-git/bro/scripts/base/init-bare.bro, line 1: problem initializing NB-DNS: connect(192.168.1.1): Network is unreachable
warning: can't issue DNS request
warning: can't issue DNS request
Segmentation fault (core dumped)

The segfault does not happen, if BRO_DNS_FAKE ist set to on or off:

$ BRO_DNS_FAKE=0 bro dns.bro
warning in /home/franky/bro-git/bro/scripts/base/init-bare.bro, line 1: problem initializing NB-DNS: connect(192.168.1.1): Network is unreachable
$ BRO_DNS_FAKE=1 bro dns.bro
warning in /home/franky/bro-git/bro/scripts/base/init-bare.bro, line 1: problem initializing NB-DNS: connect(192.168.1.1): Network is unreachable

Here is the backtrace:

$ gdb bro /tmp/core 
GNU gdb (Ubuntu 7.8-1ubuntu4) 7.8.0.20141001-cvs
[...]
Core was generated by `bro dns.bro'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  nb_dns_fd (nd=0x0) at /home/franky/bro-git/bro/src/nb_dns.c:176
176		return (nd->s);
(gdb) bt
#0  nb_dns_fd (nd=0x0) at /home/franky/bro-git/bro/src/nb_dns.c:176
#1  0x0000000000567c1d in DNS_Mgr::AnswerAvailable (this=<optimized out>, timeout=0) at /home/franky/bro-git/bro/src/DNS_Mgr.cc:1425
#2  0x000000000056c24a in DNS_Mgr::DoProcess (this=0x15c1410, flush=false) at /home/franky/bro-git/bro/src/DNS_Mgr.cc:1382
#3  0x000000000056c420 in DNS_Mgr::Flush (this=0x15c1410) at /home/franky/bro-git/bro/src/DNS_Mgr.cc:1334
#4  0x0000000000540126 in done_with_network () at /home/franky/bro-git/bro/src/main.cc:316
#5  0x000000000051f679 in main (argc=<optimized out>, argv=<optimized out>) at /home/franky/bro-git/bro/src/main.cc:1216

fix option 1:

diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc
index 11fd258..08f76df 100644
--- a/src/DNS_Mgr.cc
+++ b/src/DNS_Mgr.cc
@@ -1422,6 +1422,10 @@ void DNS_Mgr::DoProcess(bool flush)
 
 int DNS_Mgr::AnswerAvailable(int timeout)
        {
+       if (!nb_dns) {
+               reporter->Warning("nb_dns_fd() failed in DNS_Mgr::WaitForReplies");
+               return -1;
+       }
        int fd = nb_dns_fd(nb_dns);
        if ( fd < 0 )
                {

fix option 2:

diff --git a/src/nb_dns.c b/src/nb_dns.c
index 33a0083..22778e2 100644
--- a/src/nb_dns.c
+++ b/src/nb_dns.c
@@ -172,7 +172,9 @@ nb_dns_finish(struct nb_dns_info *nd)
 int
 nb_dns_fd(struct nb_dns_info *nd)
 {
-
+       if (!nd) {
+               return -1;
+       }
        return (nd->s);
 }



--
This message was sent by Atlassian JIRA
(v6.5-OD-01-120#65000)
