Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 915792

Summary: Invalid transfer and query policy can crash BIND with bind-dyndb-ldap
Product: Red Hat Enterprise Linux 7 Reporter: Petr Spacek <pspacek>
Component: bind-dyndb-ldapAssignee: Petr Spacek <pspacek>
Status: CLOSED CURRENTRELEASE QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.0CC: nsoman, pspacek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: bind-dyndb-ldap-3.5-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 12:12:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Spacek 2013-02-26 14:28:06 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/109

Set `idnsAllowTransfer` attribute to `xnone;` and you should see a crash:

{{{
25-Feb-2013 16:02:59.444 parser.c:1587: REQUIRE(mapobj != ((void *)0) && mapobj->type->rep == &cfg_rep_map) failed, back trace
}}}

Back trace:
{{{
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7ffff3ee9700 (LWP 11909)]
0x00007ffff4d82935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
Missing separate debuginfos, use: debuginfo-install sssd-client-1.8.6-1.fc17.x86_64
(gdb) bt
#0  0x00007ffff4d82935 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007ffff4d840e8 in __GI_abort () at abort.c:91
#2  0x000055555557f77b in assertion_failed (file=0x7ffff738054a "parser.c", line=1587, type=isc_assertiontype_require, 
    cond=0x7ffff73809b0 "mapobj != ((void *)0) && mapobj->type->rep == &cfg_rep_map") at ./main.c:219
#3  0x00007ffff61b7ddd in isc_assertion_failed (file=0x7ffff738054a "parser.c", line=1587, type=isc_assertiontype_require, 
    cond=0x7ffff73809b0 "mapobj != ((void *)0) && mapobj->type->rep == &cfg_rep_map") at assertions.c:57
#4  0x00007ffff737c129 in cfg_map_get (mapobj=0x0, name=0x7ffff737e957 "acl", obj=0x7ffff3ee88e0) at parser.c:1587
#5  0x00007ffff7374e28 in get_acl_def (cctx=0x0, name=0x7ffff7f95268 "xnone", ret=0x7ffff3ee8940) at aclconf.c:109
#6  0x00007ffff7375606 in count_acl_elements (caml=0x7ffff7faf400, cctx=0x0, has_negative=0x0) at aclconf.c:254
#7  0x00007ffff73757bc in cfg_acl_fromconfig (caml=0x7ffff7faf400, cctx=0x0, lctx=0x555555808720, ctx=0x7fffeb3e3dd0, mctx=0x5555557f7250, nest_level=0, 
    target=0x7ffff3ee8b00) at aclconf.c:306
#8  0x00007fffeb0e4579 in acl_from_ldap (mctx=0x5555557f7250, aclstr=0x7fffb00134a0 "xnone;", type=acl_type_transfer, aclp=0x7ffff3ee8b38) at acl.c:498
#9  0x00007fffeb0efb4b in ldap_parse_zoneentry (entry=0x7fffeb3f5dd8, inst=0x7fffeb3db010) at ldap_helper.c:1352
#10 0x00007fffeb0f7ce2 in update_zone (task=0x7ffff7f97010, event=0x7fffeb3fcd90) at ldap_helper.c:3369
#11 0x00007ffff61df4d1 in dispatch (manager=0x7ffff7f84010) at task.c:1116
#12 0x00007ffff61df7e5 in run (uap=0x7ffff7f84010) at task.c:1286
#13 0x00007ffff5b8cd14 in start_thread (arg=0x7ffff3ee9700) at pthread_create.c:309
#14 0x00007ffff4e3e68d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
}}}

Apparently, configuration context can't be NULL at `acl.c:498`:

{{{
CHECK(cfg_acl_fromconfig(aclobj, NULL, dns_lctx, aclctx, mctx, 0, &acl));
}}}
Comment 1 Namita Soman 2013-03-13 18:05:54 UTC 
please add steps to verify
Comment 2 Petr Spacek 2013-03-13 19:10:31 UTC 
(In reply to comment #1)
> please add steps to verify

Please see first sentence of bug description: 
Set `idnsAllowTransfer` attribute to `xnone;` and you should see a crash.
Comment 3 Petr Spacek 2013-03-25 15:40:44 UTC 
Fixed in upstream by commit 654971e45872471b800fa3f5afd7f7f383d168e9
Comment 6 Petr Spacek 2013-10-01 12:31:04 UTC 
Moving to ON_QA, I probably forgot to change bug status.
Comment 7 Namita Soman 2014-01-30 20:36:12 UTC 
verified using bind-dyndb-ldap-3.5-3.el7.x86_64, ipa-server-3.3.3-15.el7.x86_64

Steps taken:

1> Add a new zone:
# ipa dnszone-add bz915792
Authoritative nameserver: cloud-qe-4.testrelm.com.
Administrator e-mail address [hostmaster.bz915792.]: 
  Zone name: bz915792
  Authoritative nameserver: cloud-qe-4.testrelm.com.
  Administrator e-mail address: hostmaster.bz915792.
  SOA serial: 1391113628
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;


2> Update its `idnsAllowTransfer` attribute to be `xnone;`
# ipa dnszone-mod --allow-transfer="xnone" bz915792
ipa: ERROR: invalid 'allow_transfer': failed to detect a valid IP address from 'xnone'

There was no crash, because validation did not allow the attribute to have an invalid value.
Comment 8 Petr Spacek 2014-01-31 08:33:42 UTC 
(In reply to Namita Soman from comment #7)
> 2> Update its `idnsAllowTransfer` attribute to be `xnone;`
> # ipa dnszone-mod --allow-transfer="xnone" bz915792
> ipa: ERROR: invalid 'allow_transfer': failed to detect a valid IP address
> from 'xnone'
> 
> There was no crash, because validation did not allow the attribute to have
> an invalid value.

Namita, you have to use ldapmodify to insert the value to LDAP to test this bug. This tests only IPA validators but not bind-dyndb-ldap.
Comment 9 Namita Soman 2014-02-03 20:07:47 UTC 
# ipa dnszone-add
Authoritative nameserver: cloud-qe-4.testrelm.com.
Zone name: bz915792
Administrator e-mail address [hostmaster.bz915792.]: 
  Zone name: bz915792
  Authoritative nameserver: cloud-qe-4.testrelm.com.
  Administrator e-mail address: hostmaster.bz915792.
  SOA serial: 1391457719
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;


# ipa dnszone-show bz915792 --all --raw
  dn: idnsname=bz915792,cn=dns,dc=testrelm,dc=com
  idnsAllowDynUpdate: FALSE
  idnsAllowQuery: any;
  idnsAllowTransfer: none;
  idnsName: bz915792
  idnsSOAexpire: 1209600
  idnsSOAmName: cloud-qe-4.testrelm.com.
  idnsSOAminimum: 3600
  idnsSOArName: hostmaster.bz915792.
  idnsSOArefresh: 3600
  idnsSOAretry: 900
  idnsSOAserial: 1391457721
  idnsUpdatePolicy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  idnsZoneActive: TRUE
  nSRecord: cloud-qe-4.testrelm.com.
  objectClass: top
  objectClass: idnsrecord
  objectClass: idnszone

# cat badValue.ldif 
dn: idnsname=bz915792,cn=dns,dc=testrelm,dc=com
changetype: modify
replace: idnsAllowTransfer
idnsAllowTransfer: xnone


# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
   Active: active (running) since Mon 2014-02-03 11:28:42 EST; 3h 34min ago
<..snip..>


# ldapmodify  -D "cn=Directory Manager" -w Secret123  -f badValue.ldif 
modifying entry "idnsname=bz915792,cn=dns,dc=testrelm,dc=com"

# ipa dnszone-show bz915792 --all --raw
  dn: idnsname=bz915792,cn=dns,dc=testrelm,dc=com
  idnsAllowDynUpdate: FALSE
  idnsAllowQuery: any;
  idnsAllowTransfer: xnone   <<<<<<
  idnsName: bz915792
  idnsSOAexpire: 1209600
  idnsSOAmName: cloud-qe-4.testrelm.com.
  idnsSOAminimum: 3600
  idnsSOArName: hostmaster.bz915792.
  idnsSOArefresh: 3600
  idnsSOAretry: 900
  idnsSOAserial: 1391457796
  idnsUpdatePolicy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  idnsZoneActive: TRUE
  nSRecord: cloud-qe-4.testrelm.com.
  objectClass: top
  objectClass: idnsrecord
  objectClass: idnszone



# systemctl status named
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled)
   Active: active (running) since Mon 2014-02-03 15:03:06 EST; 47s ago
<..snip..>
Feb 03 15:03:32 cloud-qe-4.testrelm.com named[18926]: transfer ACL parsing failed: 'xnone': failure
Feb 03 15:03:32 cloud-qe-4.testrelm.com named[18926]: zone bz915792/IN: transfer policy is invalid: failure; configuring most restrictive transfer policy as possible
Feb 03 15:03:32 cloud-qe-4.testrelm.com named[18926]: update_zone (psearch) failed for 'idnsname=bz915792,cn=dns,dc=testrelm,dc=com'. Zones can be outdated, run `rndc reload`: failure
Hint: Some lines were ellipsized, use -l to show in full.


bind didn't crash with this invalid value, and status indicates - it is still running.
Comment 10 Ludek Smid 2014-06-13 12:12:07 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.