blechschmidt / massdns

A high-performance DNS stub resolver for bulk lookups and reconnaissance (subdomain enumeration)
GNU General Public License v3.0

Bugs with dedicated resolvers #126

Closed infosec-it-init closed 2 years ago

infosec-it-init commented 2 years ago

Hi @blechschmidt Thanks for including our PR #116 and supporting dedicated resolvers per request. I was busy with other stuff, so I noticed the merge only lately. And now, while testing your new code, I found a bug with the dedicated resolvers feature (probably introduced by supporting multiple types): the previous array of resolvers is not reset, so the array is extended for every query. Also, there is a malloc/free problem due to this multi-usage of the dedicated resolvers.

Linux:

free(): corrupted unsorted chunks

macOS:

massdns(11933,0x113e75600) malloc: Incorrect checksum for freed object 0x7fcc167045f8: probably modified after being freed.
Corrupt value: 0xafffffffffffffff
massdns(11933,0x113e75600) malloc: *** set a breakpoint in malloc_error_break to debug

A simple test to reproduce:

one.one.one.one
google-public-dns-a.google.com 0.0.0.0 0.0.0.0 8.8.4.4
google-public-dns-b.google.com 0.0.0.0 0.0.0.0 1.1.1.1

resolvers file:

8.8.8.8

Expectation:

google-public-dns-a.google.com. 8.8.4.4:53
google-public-dns-b.google.com. 1.1.1.1:53
one.one.one.one. 8.8.8.8:53

for

"$DIR"/../../bin/massdns --extended-input -c 50 -r "$DIR"/google-dns.txt --quiet -o J "$DIR"/names.txt | jq -r '(.name + " " + .resolver)' | sort | grep -E -q "`cat $DIR/expected`"

I created a PR to fix the bug including the test case: #125
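The failure mode described above (a per-query resolver list that is reused across input lines without being reset, so each line inherits the resolvers of all previous lines, and sloppy ownership of the grown buffer leading to corrupted frees) is easy to model in isolation. The following C program is an added illustration and is not massdns source: the `query_t` struct, `parse_line_buggy`, `parse_line_fixed` and the other helper names are hypothetical, and the input lines are constructed from the reproducer in this report. The buggy variant simply keeps appending; the fixed variant frees the previous query's strings, resets `count`, keeps the growable buffer for reuse, and frees it exactly once in `query_free`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified model of a per-query "dedicated resolvers" list.
 * Added example, not massdns code. */

#define MAX_NAME 256
#define MAX_LINE 1024

typedef struct {
    char name[MAX_NAME];   /* the name to look up */
    char **resolvers;      /* growable array of resolver strings */
    size_t count;          /* entries belonging to the current query only */
    size_t capacity;       /* allocated slots in resolvers[] */
} query_t;

static void query_init(query_t *q)
{
    memset(q, 0, sizeof *q);
}

/* malloc-based string copy (strdup is POSIX, not ISO C). */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p) memcpy(p, s, n);
    return p;
}

/* Append one resolver token, growing the array as needed. 0 on success. */
static int append_resolver(query_t *q, const char *tok)
{
    if (q->count == q->capacity) {
        size_t nc = q->capacity ? q->capacity * 2 : 4;
        char **nr = realloc(q->resolvers, nc * sizeof *nr);
        if (!nr) return -1;
        q->resolvers = nr;
        q->capacity = nc;
    }
    q->resolvers[q->count] = dup_str(tok);
    if (!q->resolvers[q->count]) return -1;
    q->count++;
    return 0;
}

/* Tokenise "name [resolver ...]" and append every resolver token. */
static int parse_tokens(query_t *q, const char *line)
{
    char buf[MAX_LINE];
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    char *tok = strtok(buf, " \t\r\n");
    if (!tok || strlen(tok) >= MAX_NAME) return -1;
    strcpy(q->name, tok);
    while ((tok = strtok(NULL, " \t\r\n")) != NULL)
        if (append_resolver(q, tok) != 0) return -1;
    return 0;
}

/* Buggy pattern: the query object is reused without resetting the list,
 * so every line extends the resolvers of all previous lines. */
static int parse_line_buggy(query_t *q, const char *line)
{
    return parse_tokens(q, line);
}

/* Fixed pattern: release the previous query's strings, reset the count,
 * keep the buffer for reuse; the buffer itself is freed once, in query_free. */
static int parse_line_fixed(query_t *q, const char *line)
{
    for (size_t i = 0; i < q->count; i++) free(q->resolvers[i]);
    q->count = 0;
    return parse_tokens(q, line);
}

static void query_free(query_t *q)
{
    for (size_t i = 0; i < q->count; i++) free(q->resolvers[i]);
    free(q->resolvers);
    q->resolvers = NULL;
    q->count = q->capacity = 0;
}

int main(void)
{
    /* Constructed input, mirroring the reproducer lines in this report. */
    const char *lines[] = {
        "one.one.one.one",
        "google-public-dns-a.google.com 0.0.0.0 0.0.0.0 8.8.4.4",
        "google-public-dns-b.google.com 0.0.0.0 0.0.0.0 1.1.1.1",
    };
    query_t q;
    query_init(&q);
    for (size_t i = 0; i < 3; i++) {
        if (parse_line_fixed(&q, lines[i]) != 0) return 1;
        printf("%s: %zu dedicated resolver(s)\n", q.name, q.count);
    }
    query_free(&q);
    return 0;
}
```

With the fixed parser each of the three lines reports 0, 3 and 3 resolvers respectively; with the buggy one the second and third lines would report 3 and 6, which is the growth the report describes. Running such a model under AddressSanitizer or Valgrind is the quickest way to confirm that the reset-and-reuse ownership rule leaves no double free or use-after-free.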

blechschmidt commented 2 years ago

Thank you very much! I have merged your fix.