mdnsd Starting mdnsd -d with more than 30 interfaces causes a segfault

Starting mdnsd -d with more than 30 interfaces causes a segfault

Open opsec opened this issue 6 years ago • 3 comments

mdnsd -d cat /tmp/list with more than 30 interfaces causes mdnsd to segfault.

Aug 04 '18 09:08 opsec

(ups: On freebsd 11.1, amd64)

Aug 04 '18 09:08 opsec

Can you try the following? It should crash but show where (use gdb/lldb). If ASan is happy with symbols it may even point at a bug.

$ make all install DEBUG_FLAGS=-g NO_CPU_CFLAGS= -C /usr/src/lib/libc
$ make all install DEBUG_FLAGS=-g NO_CPU_CFLAGS= -C /usr/src/lib/libthr
$ CFLAGS=-fsanitize=address make clean all deinstall install WITH_DEBUG= NO_CPU_CFLAGS= -C /usr/ports/devel/libevent
$ CFLAGS=-fsanitize=address make clean all deinstall install WITH_DEBUG= NO_CPU_CFLAGS= -C /usr/ports/devel/libopenbsd
$ CFLAGS=-fsanitize=address make clean all deinstall install WITH_DEBUG= NO_CPU_CFLAGS= -C /usr/ports/dns/openmdns
$ mdnsd -d `cat /tmp/list`

Aug 16 '18 23:08 jbeich

After looking at the code, this is probably triggered by PGE_RR_MAX being set to 32 and the limit never being checked when adding reverse records via pge_initprimary, setting up the code to write to unallocated memory. The first entry is set to "0.0.0.0" leaving only 30 entries left.

Dec 16 '19 09:12 twinshadow

mdnsd mdnsd copied to clipboard

Starting mdnsd -d with more than 30 interfaces causes a segfault

mdnsd
mdnsd copied to clipboard