514838 – adns_strerror() SEGV if there is no error string for a particular error number

Bug 514838 - adns_strerror() SEGV if there is no error string for a particular error number

Summary: adns_strerror() SEGV if there is no error string for a particular error number

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	adns
Sub Component:
Version:	11
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Adam Tkac
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-07-31 00:13 UTC by Kyle VanderBeek
Modified:	2013-04-30 23:44 UTC (History)
CC List:	5 users (show)
Fixed In Version:	1.4-6.fc11
Clone Of:
Environment:
Last Closed:	2009-08-07 04:56:57 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Return an empty string if no error message is found for a particular code. (395 bytes, patch) 2009-07-31 00:13 UTC, Kyle VanderBeek	no flags	Details \| Diff
Improved patch (762 bytes, patch) 2009-08-06 12:01 UTC, Adam Tkac	no flags	Details \| Diff
Show Obsolete (1) View All

Description Kyle VanderBeek 2009-07-31 00:13:34 UTC

Created attachment 355754 [details]
Return an empty string if no error message is found for a particular code.

Description of problem:
If you look up the strerror for a non-existent or under-documented error condition (for which there is no string error text), a SEGV will result when adns dereferences the result of a bsearch() which may be NULL.

Version-Release number of selected component (if applicable):
adns-1.4-5

How reproducible:
Always.

Steps to Reproduce:
1. Test program test.c:
#include <stdio.h>
#include <adns.h>

int main(void) {
    printf("%s\n", adns_strerror(100));
    printf("%s\n", adns_strerror(199));
}

2. gcc -g -o testc test.c -ladns

3. ./testc
  
Actual results:
[kylev@kylev-dt tmp]$ ./testc 
Inconsistent resource records in DNS
Segmentation fault

Expected results:
[kylev@kylev-dt tmp]$ ./testc 
Inconsistent resource records in DNS
<blank line>

Additional info:
The home page for adns seems to have gone AWOL, so I haven't been able to report this to Ian Jackson.  Also, feel free to add me (FAS kylev) as a maintainer if you want assistance.

Comment 1 Kyle VanderBeek 2009-07-31 01:20:33 UTC

More illustrative if I use the constants from adns.h in my example program; both are valid possible errors.

#include <stdio.h>
#include <adns.h>

int main(void) {
    printf("%s\n", adns_strerror(adns_s_inconsistent));
    printf("%s\n", adns_strerror(adns_s_max_misconfig));
}

Comment 2 Adam Tkac 2009-08-06 12:01:53 UTC

Created attachment 356492 [details]
Improved patch

Thanks for the patch. Unfortunately I have two objections:

- I think "unknown error code" is more meaningful message than empty string.
- patch returns empty string allocated on stack which is wrong and will cause problems

Comment 3 Adam Tkac 2009-08-06 12:11:07 UTC

Note that if you are creating a new project which will use adns as a resolving library.

adns upstream is not very active and adns is not able to resolve many new DNS records like AAAA (IPv6 addresses), NSEC{,3},RRSIG,DS and DNSKEY (DNSSEC extensions). Next problem is that adns is still vulnerable to CVE-2008-4100 thus applications which use adns should be used in trusted environments only.

Comment 4 Fedora Update System 2009-08-06 12:25:00 UTC

adns-1.4-6.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/adns-1.4-6.fc11

Comment 5 Fedora Update System 2009-08-07 04:56:53 UTC

adns-1.4-6.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.