Bug 1034824 - Assertion failure in nsupdate on certain input
Summary: Assertion failure in nsupdate on certain input
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tomáš Hozza
QA Contact: Juraj Marko
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-26 14:58 UTC by Nikolai Kondrashov
Modified: 2015-09-01 03:39 UTC (History)
3 users (show)

Fixed In Version: bind-9.9.4-6.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 13:14:55 UTC
Target Upstream Version:

Attachments (Terms of Use)
core.20545.gz (283.74 KB, application/x-gzip)
2013-11-26 14:58 UTC, Nikolai Kondrashov 		no flags Details
Fix for memory leak (927 bytes, patch)
2013-11-27 15:38 UTC, Tomáš Hozza 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Description Nikolai Kondrashov 2013-11-26 14:58:13 UTC 
Created attachment 829312 [details]
core.20545.gz

Description of problem:
nsupdate terminates with assertion failure while attempting to update records in GSS-TSIG mode with certain input:

The gdb backtrace of the core is:

#0  0x00007f5d2887c979 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f5d2887e088 in __GI_abort () at abort.c:90
#2  0x00007f5d2a7fc1cf in isc_assertion_failed (file=file@entry=0x7f5d2a838358 "mem.c", line=line@entry=1102, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7f5d2a838447 "ctx->stats[i].gets == 0U") at assertions.c:58
#3  0x00007f5d2a80b361 in destroy (ctx=ctx@entry=0x74f030) at mem.c:1102
#4  0x00007f5d2a80b7cc in isc__mem_destroy (ctxp=ctxp@entry=0x60f0e0 <mctx>) at mem.c:1253
#5  0x0000000000404ef7 in cleanup () at ./nsupdate.c:2961
#6  main (argc=2, argv=0x7fff40cd7378) at ./nsupdate.c:3013

Version-Release number of selected component (if applicable):
bind-utils-9.9.4-5.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
Ensure that a Kerberos ticket appropriate for the update is acquired and execute the following, possibly modifying names and addresses:

nsupdate -g <<<'
realm EXAMPLE.COM
update delete dyndns-refresh.example.com. in A
send
realm EXAMPLE.COM
update delete 17.122.168.192.in-addr.arpa. in PTR
send
'

Actual results:
Output:
mem.c:1102: INSIST(ctx->stats[i].gets == 0U) failed, back trace
#0 0x7f4a5c8e6264 in ??
#1 0x7f4a5c8e61ca in ??
#2 0x7f4a5c8f5361 in ??
#3 0x7f4a5c8f57cc in ??
#4 0x404ef7 in ??
#5 0x7f4a5a952af5 in ??
#6 0x405085 in ??
Aborted (core dumped)

Exit status: 134

Expected results:
No output.
Exit status: 0
Comment 2 Tomáš Hozza 2013-11-27 14:50:09 UTC 
Thank you for your report.

The assertion is caused by memory leak caused by multiple
'realm' statements.
Comment 3 Tomáš Hozza 2013-11-27 15:38:42 UTC 
Created attachment 829781 [details]
Fix for memory leak
Comment 4 Tomáš Hozza 2013-11-27 15:39:35 UTC 
Patch sent to Upstream... [ISC-Bugs #35073]
Comment 5 Tomáš Hozza 2013-11-28 08:08:03 UTC 
Upstream accepted the fix.
Comment 9 Ludek Smid 2014-06-13 13:14:55 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
Note You need to log in before you can comment on or make changes to this bug.