Created attachment 355754 [details]
Return an empty string if no error message is found for a particular code.

Description of problem:
If you look up the strerror for a non-existent or under-documented error condition (for which there is no string error text), a SEGV will result when adns dereferences the result of a bsearch() which may be NULL.

Version-Release number of selected component (if applicable):
adns-1.4-5

How reproducible:
Always.

Steps to Reproduce:
1. Test program test.c:

    #include <stdio.h>
    #include <adns.h>

    int main(void) {
        printf("%s\n", adns_strerror(100));
        printf("%s\n", adns_strerror(199));
    }

2. gcc -g -o testc test.c -ladns
3. ./testc

Actual results:
[kylev@kylev-dt tmp]$ ./testc
Inconsistent resource records in DNS
Segmentation fault

Expected results:
[kylev@kylev-dt tmp]$ ./testc
Inconsistent resource records in DNS
<blank line>

Additional info:
The home page for adns seems to have gone AWOL, so I haven't been able to report this to Ian Jackson. Also, feel free to add me (FAS kylev) as a maintainer if you want assistance.
More illustrative if I use the constants from adns.h in my example program; both are valid possible errors.

    #include <stdio.h>
    #include <adns.h>

    int main(void) {
        printf("%s\n", adns_strerror(adns_s_inconsistent));
        printf("%s\n", adns_strerror(adns_s_max_misconfig));
    }
Created attachment 356492 [details]
Improved patch

Thanks for the patch. Unfortunately I have two objections:
- I think "unknown error code" is a more meaningful message than an empty string.
- The patch returns an empty string allocated on the stack, which is wrong and will cause problems.
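The two points raised in the comments above, as an added example that is not adns's code and not either attached patch: a bsearch() lookup that dereferences the result unconditionally, beside a form that checks for NULL and falls back to a string with static storage. The table contents and the function names strerror_unchecked and strerror_checked are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table for illustration; codes and names are not adns's own. */
struct status_info { int code; const char *text; };

static const struct status_info table[] = {   /* must stay sorted by code */
    { 0,   "OK" },
    { 30,  "DNS query timed out" },
    { 100, "Inconsistent resource records in DNS" },
    { 300, "No such domain" },
};
#define TABLE_LEN (sizeof table / sizeof table[0])

static int cmp_code(const void *key, const void *elem)
{
    int k = *(const int *)key;
    int c = ((const struct status_info *)elem)->code;
    return (k > c) - (k < c);
}

/* Pattern from the report: bsearch() returns NULL for a code with no
 * entry, and the unconditional ->text dereference then crashes. */
const char *strerror_unchecked(int code)
{
    const struct status_info *si =
        bsearch(&code, table, TABLE_LEN, sizeof table[0], cmp_code);
    return si->text;
}

/* Checked form: test for NULL and fall back to a string literal, which has
 * static storage duration. Returning a local char array instead would hand
 * the caller a pointer into a dead stack frame. */
const char *strerror_checked(int code)
{
    const struct status_info *si =
        bsearch(&code, table, TABLE_LEN, sizeof table[0], cmp_code);
    return si ? si->text : "unknown error code";
}

int main(void)
{
    printf("%s\n", strerror_checked(100));
    printf("%s\n", strerror_checked(199));  /* gap in the table: no entry */
    return 0;
}
```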
Note, if you are creating a new project which will use adns as a resolving library: adns upstream is not very active, and adns is not able to resolve many new DNS records like AAAA (IPv6 addresses), NSEC{,3}, RRSIG, DS and DNSKEY (DNSSEC extensions). The next problem is that adns is still vulnerable to CVE-2008-4100, thus applications which use adns should be used in trusted environments only.
adns-1.4-6.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/adns-1.4-6.fc11
adns-1.4-6.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.