Bug 514838 - adns_strerror() SEGV if there is no error string for a particular error number
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: adns
Version: 11
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
Reported: 2009-07-31 00:13 UTC by Kyle VanderBeek
Modified: 2013-04-30 23:44 UTC (History)

Fixed In Version: 1.4-6.fc11
Last Closed: 2009-08-07 04:56:57 UTC


Attachments
Return an empty string if no error message is found for a particular code. (395 bytes, patch)
2009-07-31 00:13 UTC, Kyle VanderBeek
Improved patch (762 bytes, patch)
2009-08-06 12:01 UTC, Adam Tkac

Description Kyle VanderBeek 2009-07-31 00:13:34 UTC
Created attachment 355754
Return an empty string if no error message is found for a particular code.

Description of problem:
If you look up the strerror for a non-existent or under-documented error condition (for which there is no string error text), a SEGV will result when adns dereferences the result of a bsearch() which may be NULL.

Version-Release number of selected component (if applicable):
adns-1.4-5

How reproducible:
Always.

Steps to Reproduce:
1. Test program test.c:
#include <stdio.h>
#include <adns.h>

int main(void) {
    printf("%s\n", adns_strerror(100));
    printf("%s\n", adns_strerror(199));
}

2. gcc -g -o testc test.c -ladns

3. ./testc
  
Actual results:
[kylev@kylev-dt tmp]$ ./testc 
Inconsistent resource records in DNS
Segmentation fault

Expected results:
[kylev@kylev-dt tmp]$ ./testc 
Inconsistent resource records in DNS
<blank line>

Additional info:
The home page for adns seems to have gone AWOL, so I haven't been able to report this to Ian Jackson.  Also, feel free to add me (FAS kylev) as a maintainer if you want assistance.

Comment 1 Kyle VanderBeek 2009-07-31 01:20:33 UTC
More illustrative if I use the constants from adns.h in my example program; both are valid possible errors.

#include <stdio.h>
#include <adns.h>

int main(void) {
    printf("%s\n", adns_strerror(adns_s_inconsistent));
    printf("%s\n", adns_strerror(adns_s_max_misconfig));
}

Comment 2 Adam Tkac 2009-08-06 12:01:53 UTC
Created attachment 356492
Improved patch

Thanks for the patch. Unfortunately I have two objections:

- I think "unknown error code" is a more meaningful message than an empty string.
- The patch returns an empty string allocated on the stack, which is wrong and will cause problems.
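
The bug class discussed in the description and in Comment 2, as an added example that is not part of the original thread and is neither the adns source nor either attached patch: a bsearch() lookup whose NULL result is dereferenced, beside a form that checks the result and falls back to a string literal. The table, struct and function names are hypothetical, and the table contents are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample table, sorted by code. NOT the adns status table. */
struct status_info { int code; const char *text; };

static const struct status_info table[] = {
    { 0,   "OK" },
    { 100, "Inconsistent resource records in DNS" },
    { 300, "Sample permanent failure" },
};

/* Comparator for bsearch(): key is an int, element is a table row. */
static int cmp_code(const void *key, const void *elem) {
    int k = *(const int *)key;
    int c = ((const struct status_info *)elem)->code;
    return (k > c) - (k < c);
}

/* Returns the matching row, or NULL when the code has no entry. */
const struct status_info *find_status(int code) {
    return bsearch(&code, table, sizeof table / sizeof table[0],
                   sizeof table[0], cmp_code);
}

/* Pattern from the report: the bsearch() result is used unchecked.
 * A code with no table entry makes this dereference NULL. */
const char *strerror_unchecked(int code) {
    return find_status(code)->text;
}

/* Hardened form: test the result before use. The fallback is a string
 * literal, which has static storage duration, so the returned pointer
 * stays valid after the function returns. A local char array would not. */
const char *strerror_checked(int code) {
    const struct status_info *si = find_status(code);
    return si ? si->text : "unknown error code";
}

int main(void) {
    printf("%s\n", strerror_checked(100)); /* entry present */
    printf("%s\n", strerror_checked(199)); /* no entry: fallback text */
    return 0;
}
```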

Comment 3 Adam Tkac 2009-08-06 12:11:07 UTC
Note that if you are creating a new project which will use adns as a resolving library.

adns upstream is not very active and adns is not able to resolve many new DNS records like AAAA (IPv6 addresses), NSEC{,3}, RRSIG, DS and DNSKEY (DNSSEC extensions). The next problem is that adns is still vulnerable to CVE-2008-4100, thus applications which use adns should be used in trusted environments only.

Comment 4 Fedora Update System 2009-08-06 12:25:00 UTC
adns-1.4-6.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/adns-1.4-6.fc11

Comment 5 Fedora Update System 2009-08-07 04:56:53 UTC
adns-1.4-6.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

