[Bro-Dev] [JIRA] (BIT-1387) segfault in nb_dns.cc when nameserver is not reachable

Aaron Eppert (JIRA) jira at bro-tracker.atlassian.net
Thu Apr 23 10:46:00 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=20422#comment-20422 ] 

Aaron Eppert commented on BIT-1387:
-----------------------------------

This is how I fixed it in my local repository. There are a few other areas in DNS_Mgr.cc that need to definitely be shored up. Also, I would say, there needs to be some kind of state kept on DNS failures so that there doesn't have to be a log generated each and every time this occurs. There are definitely instances of Bro being leveraged on internal networks where an outbound, or even local, DNS resolution isn't possible. Typically this would mean:

eth1 - Passive collection through Bro from a tap or other
eth0 - General outbound connections, but in the case of a security audit may be disconnected, thus rendering DNS resolution not possible.

I resolved this further and prevented excessive reporter.log issues by modifying my Bro init script to add 127.0.0.1 as the nameserver in resolv.conf when eth0 is disconnected. This would, then, be overwritten accordingly if eth0 came up because of DHCP.


> segfault in nb_dns.cc when nameserver is not reachable
> ------------------------------------------------------
>
>                 Key: BIT-1387
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1387
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master, 2.3
>         Environment: Ubuntu 14.10 and Debian Minimal 7.8
>            Reporter: Frank Meier
>             Fix For: 2.4
>
>
> The segfault happens if a nameserver is set in /etc/resolv.conf, but the network
> of the nameserver is not reachable: 
> $ cat /etc/resolv.conf 
> nameserver 192.168.1.1
> $ cat dns.bro 
> event bro_init() {
> 	when ( local result = lookup_hostname("example.com") ) {
> 	}
> }
> $ bro -v
> bro version 2.3-793
> $ bro dns.bro
> warning in /home/franky/bro-git/bro/scripts/base/init-bare.bro, line 1: problem initializing NB-DNS: connect(192.168.1.1): Network is unreachable
> warning: can't issue DNS request
> warning: can't issue DNS request
> Segmentation fault (core dumped)
> The segfault does not happen if BRO_DNS_FAKE is set to on or off:
> $ BRO_DNS_FAKE=0 bro dns.bro
> warning in /home/franky/bro-git/bro/scripts/base/init-bare.bro, line 1: problem initializing NB-DNS: connect(192.168.1.1): Network is unreachable
> $ BRO_DNS_FAKE=1 bro dns.bro
> warning in /home/franky/bro-git/bro/scripts/base/init-bare.bro, line 1: problem initializing NB-DNS: connect(192.168.1.1): Network is unreachable
> Here is the backtrace:
> $ gdb bro /tmp/core 
> GNU gdb (Ubuntu 7.8-1ubuntu4) 7.8.0.20141001-cvs
> [...]
> Core was generated by `bro dns.bro'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  nb_dns_fd (nd=0x0) at /home/franky/bro-git/bro/src/nb_dns.c:176
> 176		return (nd->s);
> (gdb) bt
> #0  nb_dns_fd (nd=0x0) at /home/franky/bro-git/bro/src/nb_dns.c:176
> #1  0x0000000000567c1d in DNS_Mgr::AnswerAvailable (this=<optimized out>, timeout=0) at /home/franky/bro-git/bro/src/DNS_Mgr.cc:1425
> #2  0x000000000056c24a in DNS_Mgr::DoProcess (this=0x15c1410, flush=false) at /home/franky/bro-git/bro/src/DNS_Mgr.cc:1382
> #3  0x000000000056c420 in DNS_Mgr::Flush (this=0x15c1410) at /home/franky/bro-git/bro/src/DNS_Mgr.cc:1334
> #4  0x0000000000540126 in done_with_network () at /home/franky/bro-git/bro/src/main.cc:316
> #5  0x000000000051f679 in main (argc=<optimized out>, argv=<optimized out>) at /home/franky/bro-git/bro/src/main.cc:1216
> fix option 1:
> diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc
> index 11fd258..08f76df 100644
> --- a/src/DNS_Mgr.cc
> +++ b/src/DNS_Mgr.cc
> @@ -1422,6 +1422,10 @@ void DNS_Mgr::DoProcess(bool flush)
>  
>  int DNS_Mgr::AnswerAvailable(int timeout)
>         {
> +       if (!nb_dns) {
> +               reporter->Warning("nb_dns_fd() failed in DNS_Mgr::WaitForReplies");
> +               return -1;
> +       }
>         int fd = nb_dns_fd(nb_dns);
>         if ( fd < 0 )
>                 {
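Review bot: The warning text on the added line, `reporter->Warning("nb_dns_fd() failed in DNS_Mgr::WaitForReplies");`, names the wrong condition and the wrong function: the guard fires because `nb_dns` is NULL (NB-DNS initialization failed, which is the "problem initializing NB-DNS" warning in the report), not because nb_dns_fd() failed, and it lives in DNS_Mgr::AnswerAvailable per the hunk header, not in WaitForReplies. Something like `reporter->Warning("DNS_Mgr::AnswerAvailable: NB-DNS not initialized");` would describe what actually happened. Since AnswerAvailable is called from DNS_Mgr::DoProcess (frame #2 of the backtrace), please confirm that DoProcess treats the new -1 return the same way it treats the existing `if ( fd < 0 )` error path, so a failed initialization does not turn into a warning on every DoProcess/Flush call. Style: the surrounding code puts braces on their own line and spaces inside the parentheses (`if ( fd < 0 )` followed by `{` on the next line), while the added lines use `if (!nb_dns) {`; match the file's convention.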
> fix option 2:
> diff --git a/src/nb_dns.c b/src/nb_dns.c
> index 33a0083..22778e2 100644
> --- a/src/nb_dns.c
> +++ b/src/nb_dns.c
> @@ -172,7 +172,9 @@ nb_dns_finish(struct nb_dns_info *nd)
>  int
>  nb_dns_fd(struct nb_dns_info *nd)
>  {
> -
> +       if (!nd) {
> +               return -1;
> +       }
>         return (nd->s);
>  }
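Review bot: Returning -1 from nb_dns_fd() for a NULL `nd` lets the existing `if ( fd < 0 )` check in DNS_Mgr::AnswerAvailable (visible in fix option 1) absorb the case, which is the smaller change, but it guards only this one accessor: every other nb_dns_* function that takes `nd` (nb_dns_finish in the hunk's context line, for one) is still reachable with a NULL pointer once initialization has failed. A caller-side fix that keeps DNS_Mgr from calling into nb_dns at all while `nb_dns` is NULL would close the whole class of crashes rather than this one entry point; if the per-function guard is kept, the same check belongs in the other exported functions. Minor: the file wraps return values in parentheses (`return (nd->s);`), so `return (-1);` would match, and the removed blank line should be mentioned in the commit message so it does not look accidental.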



--
This message was sent by Atlassian JIRA
(v6.5-OD-01-120#65000)
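An added example, not from this thread or the Bro project, of the init-script workaround Aaron Eppert describes: before Bro starts, check whether the outbound interface has a link and, if not, point resolv.conf at 127.0.0.1 so that NB-DNS can still connect() (loopback is always reachable) instead of failing initialization and spamming reporter.log. The interface name (eth0), the file path, the upstream resolver value (taken from the bug report's resolv.conf) and the `apply` argument are assumptions for the example; the decision logic is kept in a separate function so it can be tested without touching real interfaces or files.

```sh
#!/bin/sh
# Added example (not from the JIRA thread or Bro): choose the resolver
# configuration Bro should see, based on whether the management interface
# has a link. Interface name, file path and upstream resolver are assumed.

MGMT_IF="${MGMT_IF:-eth0}"                 # assumed: eth0 is the outbound interface
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
UPSTREAM_NS="${UPSTREAM_NS:-192.168.1.1}"  # assumed; the resolver from the bug report

# iface_up IFACE: exit 0 if the interface exists and reports a carrier.
# Reads sysfs so it needs neither ip(8) nor ifconfig(8). A missing interface
# or an admin-down one (carrier is unreadable then) counts as down, which is
# the safe default for this workaround.
iface_up() {
    carrier="/sys/class/net/$1/carrier"
    [ -r "$carrier" ] || return 1
    [ "$(cat "$carrier" 2>/dev/null)" = "1" ]
}

# link_state IFACE: map iface_up's exit status to the words "up"/"down".
link_state() {
    if iface_up "$1"; then echo up; else echo down; fi
}

# resolv_conf_for STATE UPSTREAM: print the resolv.conf content to install.
# With the link down, 127.0.0.1 keeps nb_dns's connect() succeeding; lookups
# simply fail instead of Bro failing to initialize NB-DNS at all.
resolv_conf_for() {
    if [ "$1" = "down" ]; then
        printf 'nameserver 127.0.0.1\n'
    else
        printf 'nameserver %s\n' "$2"
    fi
}

# apply_resolv_conf: rewrite the resolver configuration atomically (write a
# temp file, then rename) so a concurrent reader never sees a half-written
# file. DHCP overwrites it again when the link returns, which is intended.
apply_resolv_conf() {
    state=$(link_state "$MGMT_IF")
    tmp="$RESOLV_CONF.tmp.$$"
    resolv_conf_for "$state" "$UPSTREAM_NS" > "$tmp" && mv "$tmp" "$RESOLV_CONF"
    echo "$MGMT_IF is $state; resolver now: $(cat "$RESOLV_CONF")"
}

# Only touch the system when explicitly asked, e.g. from the Bro init script:
#   sh bro-resolver.sh apply && /usr/local/bro/bin/broctl start
if [ "${1:-}" = "apply" ]; then
    apply_resolv_conf
fi
```

On hosts where /etc/resolv.conf is a symlink managed by resolvconf or a similar daemon, the rename step would replace the symlink rather than the target; feed the content through that tool's interface instead. Checking the carrier is deliberately simpler than probing the nameserver: the point of the workaround is to avoid network activity on a sensor that may be intentionally disconnected.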

