gamelinux / passivedns

A network sniffer that logs all DNS server replies for use in a passive DNS setup
http://gamelinux.org/

segfault on NXDOMAIN/SERVFAIL responses on CentOS 7 #71

Closed rcgraves closed 8 years ago

rcgraves commented 8 years ago

This appears to be a regression. A binary compiled on November 25 does not crash.

Encountered on a test CentOS 7 DNS server. Valid queries are recorded in /var/log/passivedns.log, but NXDOMAIN and SERVFAIL cause passivedns freshly compiled from git HEAD with default options to crash.

```
(gdb) run -P 5 -u 990 -g 990 -i eth0 -T /var/empty -X 46CPxsr
Starting program: /usr/local/bin/passivedns -P 5 -u 990 -g 990 -i eth0 -T /var/empty -X 46CPxsr

[*] PassiveDNS 1.2.0
[*] By Edward Bjarte Fjellskål edward.fjellskaal@gmail.com
[*] Using libpcap version 1.5.3
[*] Using ldns version 1.6.16
[*] Device: eth0
[*] Chrooting to dir '/var/empty'..
[*] Dropping privs...
[*] Sniffing...

Program received signal SIGSEGV, Segmentation fault.
0x0000000000405922 in print_passet ()
(gdb) backtrace
#0  0x0000000000405922 in print_passet ()
#1  0x00000000004072a1 in cache_dns_objects ()
#2  0x0000000000407bb8 in dns_parser ()
#3  0x0000000000404f12 in got_packet ()
#4  0x00007ffff7ba299e in pcap_handle_packet_mmap (handle=handle@entry=0x695250,
    callback=callback@entry=0x404b10 <got_packet>, user=user@entry=0x0, frame=frame@entry=0x7ffff6b36000 "\001",
    tp_len=<optimized out>, tp_mac=<optimized out>, tp_snaplen=126, tp_sec=1453346274, tp_usec=471686,
    tp_vlan_tci_valid=0, tp_vlan_tci=0) at ./pcap-linux.c:4361
#5  0x00007ffff7ba6ae1 in pcap_read_linux_mmap_v2 (handle=0x695250, max_packets=-1, callback=0x404b10 <got_packet>,
    user=0x0) at ./pcap-linux.c:4463
#6  0x00007ffff7bab19d in pcap_loop (p=0x695250, cnt=-1, callback=0x404b10 <got_packet>, user=0x0) at ./pcap.c:862
#7  0x0000000000402683 in main ()
```

(tcpdump sample)

```
21:19:46.276349 IP (tos 0x0, ttl 63, id 16935, offset 0, flags [none], proto UDP (17), length 131)
    137.22.198.40.domain > 137.22.1.38.41158: [udp sum ok] 49202 NXDomain* q: A? ww424.google.com.carleton.edu. 0/1/0
    ns: carleton.edu. [1h] SOA ns.carleton.edu. nic-tech-contact.carleton.edu. 1453345202 1500 600 1209600 7200 (103)
21:19:46.276645 IP (tos 0x0, ttl 64, id 15894, offset 0, flags [none], proto UDP (17), length 79)
    137.22.1.38.56286 > 137.22.198.40.domain: [bad udp cksum 0xd9c7 -> 0x861a!] 6205+ A? ww424.google.com.ads.carleton.edu. (51)
21:19:46.276859 IP (tos 0x0, ttl 63, id 16936, offset 0, flags [none], proto UDP (17), length 79)
    137.22.198.40.domain > 137.22.1.38.56286: [udp sum ok] 6205 ServFail q: A? ww424.google.com.ads.carleton.edu. 0/0/0 (51)
```
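The two replies in the capture above are the interesting case for any passive-DNS logger: an NXDOMAIN with 0 answer RRs and an SOA in the authority section, and a SERVFAIL with 0/0/0, so there is no answer record to print. The parser below is an added example, not passivedns' own code, written against the standard library only. It decodes a raw DNS reply (including compression pointers), classifies the RCODE, and emits log entries for NXDOMAIN and SERVFAIL without ever indexing into an empty answer list. The sample messages are constructed inline to mirror the capture (the `www.example.com` / `192.0.2.10` A record is invented), and the `||`-separated line format is a simplification, not passivedns' real log format.

```python
"""Passive-DNS style reply parser that tolerates empty answer sections (added example)."""
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 28: "AAAA"}


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"


def read_name(msg, off):
    """Decode a possibly compressed name (RFC 1035 4.1.4); returns (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2                           # caller resumes after the first pointer
            hops += 1
            if hops > 64:                               # refuse pointer loops
                raise ValueError("compression loop")
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def read_rr(msg, off):
    """Decode one resource record; returns (dict, offset after it)."""
    name, off = read_name(msg, off)
    if off + 10 > len(msg):
        raise ValueError("truncated RR header")
    rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
    off += 10
    if off + rdlen > len(msg):
        raise ValueError("truncated rdata")
    if rtype == 1 and rdlen == 4:
        rdata = ".".join(str(b) for b in msg[off:off + 4])
    elif rtype in (2, 5):
        rdata, _ = read_name(msg, off)
    elif rtype == 6:                                    # SOA: mname, rname, serial (rest ignored here)
        mname, o = read_name(msg, off)
        rname, o = read_name(msg, o)
        rdata = "%s %s %d" % (mname, rname, struct.unpack("!I", msg[o:o + 4])[0])
    else:
        rdata = msg[off:off + rdlen].hex()
    return {"name": name, "type": TYPES.get(rtype, str(rtype)), "ttl": ttl, "rdata": rdata}, off + rdlen


def parse_reply(msg):
    """Parse header, question, answer and authority sections of a DNS response."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    off, questions = 12, []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((qname, TYPES.get(qtype, str(qtype))))
    answers, authority = [], []
    for _ in range(an):
        rr, off = read_rr(msg, off)
        answers.append(rr)
    for _ in range(ns):
        rr, off = read_rr(msg, off)
        authority.append(rr)
    return {"id": txid, "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
            "questions": questions, "answers": answers, "authority": authority}


def log_entries(msg):
    """Return simplified log lines; NXDOMAIN/SERVFAIL are logged from the question + SOA, never answers[0]."""
    r = parse_reply(msg)
    if not r["questions"]:
        return []
    qname, qtype = r["questions"][0]
    lines = []
    if r["rcode"] in ("NXDOMAIN", "SERVFAIL"):
        soa = next((rr["rdata"] for rr in r["authority"] if rr["type"] == "SOA"), "-")
        lines.append("%s||%s||%s||%s" % (qname, qtype, r["rcode"], soa))
    for rr in r["answers"]:
        lines.append("%s||%s||%s||%s||%d" % (qname, rr["type"], rr["name"], rr["rdata"], rr["ttl"]))
    return lines


def build_reply(txid, rcode, qname, answers=(), authority=()):
    """Constructed sample reply (QR+RA set, one A question, uncompressed names)."""
    hdr = struct.pack("!HHHHHH", txid, 0x8080 | rcode, 1, len(answers), len(authority), 0)
    body = encode_name(qname) + struct.pack("!HH", 1, 1)
    for name, rtype, ttl, rdata in list(answers) + list(authority):
        body += encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return hdr + body


# Constructed samples mirroring the capture in this issue (SOA values taken from the tcpdump output).
SOA_RDATA = (encode_name("ns.carleton.edu") + encode_name("nic-tech-contact.carleton.edu")
             + struct.pack("!IIIII", 1453345202, 1500, 600, 1209600, 7200))
NXDOMAIN_REPLY = build_reply(49202, 3, "ww424.google.com.carleton.edu",
                             authority=[("carleton.edu", 6, 3600, SOA_RDATA)])
SERVFAIL_REPLY = build_reply(6205, 2, "ww424.google.com.ads.carleton.edu")
A_REPLY = build_reply(1, 0, "www.example.com", answers=[("www.example.com", 1, 300, bytes([192, 0, 2, 10]))])

if __name__ == "__main__":
    for reply in (NXDOMAIN_REPLY, SERVFAIL_REPLY, A_REPLY):
        for line in log_entries(reply):
            print(line)
```

Every section length and rdata length is checked against the buffer before it is read, and a malformed reply raises `ValueError` rather than crashing the process, which is the property a sniffer parsing untrusted packets needs.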

rcgraves commented 8 years ago

...and yes, removing "xs" (logging just -X 46CPr) eliminates the crash. But I do want to log NXDOMAINs.

rcgraves commented 8 years ago

Sorry, should have tried this first. Problem is only in the very latest commit; previous c7fdf72bf5f9bcb60973b9eab4fa0822c613ccc7 does not crash.

Strange, since I'm not actually printing "p"...

thus commented 8 years ago

I managed to reproduce the crash. I'll fix it as soon as I get the chance.

thus commented 8 years ago

This issue should be fixed by 32015b2. Please let me know if this is true or not.