Bug 514838 - adns_strerror() SEGV if there is no error string for a particular error number
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: adns
11
All Linux
medium Severity medium
Assigned To: Adam Tkac
Fedora Extras Quality Assurance
Reported: 2009-07-30 20:13 EDT by Kyle VanderBeek
Modified: 2013-04-30 19:44 EDT

Fixed In Version: 1.4-6.fc11
Doc Type: Bug Fix
Last Closed: 2009-08-07 00:56:57 EDT


Attachments
Return an empty string if no error message is found for a particular code. (395 bytes, patch)
2009-07-30 20:13 EDT, Kyle VanderBeek
Improved patch (762 bytes, patch)
2009-08-06 08:01 EDT, Adam Tkac

Description Kyle VanderBeek 2009-07-30 20:13:34 EDT
Created attachment 355754
Return an empty string if no error message is found for a particular code.

Description of problem:
If you look up the strerror for a non-existent or under-documented error condition (for which there is no string error text), a SEGV will result when adns dereferences the result of a bsearch() which may be NULL.

Version-Release number of selected component (if applicable):
adns-1.4-5

How reproducible:
Always.

Steps to Reproduce:
1. Test program test.c:
#include <stdio.h>
#include <adns.h>

int main(void) {
    printf("%s\n", adns_strerror(100));
    printf("%s\n", adns_strerror(199));
}

2. gcc -g -o testc test.c -ladns

3. ./testc
  
Actual results:
[kylev@kylev-dt tmp]$ ./testc 
Inconsistent resource records in DNS
Segmentation fault

Expected results:
[kylev@kylev-dt tmp]$ ./testc 
Inconsistent resource records in DNS
<blank line>

Additional info:
The home page for adns seems to have gone AWOL, so I haven't been able to report this to Ian Jackson.  Also, feel free to add me (FAS kylev) as a maintainer if you want assistance.
Comment 1 Kyle VanderBeek 2009-07-30 21:20:33 EDT
More illustrative if I use the constants from adns.h in my example program; both are valid possible errors.

#include <stdio.h>
#include <adns.h>

int main(void) {
    printf("%s\n", adns_strerror(adns_s_inconsistent));
    printf("%s\n", adns_strerror(adns_s_max_misconfig));
}
Comment 2 Adam Tkac 2009-08-06 08:01:53 EDT
Created attachment 356492
Improved patch

Thanks for the patch. Unfortunately I have two objections:

- I think "unknown error code" is a more meaningful message than an empty string.
- The patch returns an empty string allocated on the stack, which is wrong and will cause problems.
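
The failure in the description and the two objections in comment 2, as an added example that is not part of the bug report, the attached patches or the adns source: an unchecked bsearch() lookup beside a checked one that falls back to a string literal. The table contents and function names are assumptions made for illustration; only the "unknown error code" text comes from comment 2.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table: codes and messages are hypothetical, not adns's own. */
struct errinfo { int code; const char *msg; };
static const struct errinfo errtab[] = {  /* sorted by code, with gaps */
    {   0, "OK" },
    {  30, "Timeout" },
    { 100, "Inconsistent records" },
    { 300, "No such domain" },
};
#define NERR (sizeof errtab / sizeof errtab[0])

static int cmp_code(const void *key, const void *elem) {
    int k = *(const int *)key;
    int c = ((const struct errinfo *)elem)->code;
    return (k > c) - (k < c);
}

/* bsearch() returns NULL when the key is absent from the table. */
static const struct errinfo *find_err(int code) {
    return bsearch(&code, errtab, NERR, sizeof errtab[0], cmp_code);
}

/* Pattern from the report: the result is used unchecked, so a code that
 * falls in a gap (199 in this table) dereferences NULL. */
const char *strerror_unchecked(int code) {
    return find_err(code)->msg;
}

/* Checked form. The fallback is a string literal: it has static storage
 * and stays valid after return, which a local char array would not. */
const char *strerror_checked(int code) {
    const struct errinfo *e = find_err(code);
    return e ? e->msg : "unknown error code";
}

/* bsearch() is only correct on a sorted table, so verify the ordering. */
int table_is_sorted(void) {
    for (size_t i = 1; i < NERR; i++)
        if (errtab[i - 1].code >= errtab[i].code) return 0;
    return 1;
}

int main(void) {
    printf("%s\n%s\n", strerror_checked(100), strerror_checked(199));
    return table_is_sorted() ? 0 : 1;
}
```
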
Comment 3 Adam Tkac 2009-08-06 08:11:07 EDT
Note this if you are creating a new project which will use adns as a resolving library:

adns upstream is not very active and adns is not able to resolve many new DNS records like AAAA (IPv6 addresses), NSEC{,3}, RRSIG, DS and DNSKEY (DNSSEC extensions). The next problem is that adns is still vulnerable to CVE-2008-4100, thus applications which use adns should be used in trusted environments only.
Comment 4 Fedora Update System 2009-08-06 08:25:00 EDT
adns-1.4-6.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/adns-1.4-6.fc11
Comment 5 Fedora Update System 2009-08-07 00:56:53 EDT
adns-1.4-6.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
