[19043] in bugtraq
Re: Bug in Bind 9.1.0? [Summary]
daemon@ATHENA.MIT.EDU (Ben Greenbaum)
Tue Feb 6 15:12:45 2001
Message-ID: <Pine.GSO.4.30.0102061124420.1894-100000@mail>
Date: Tue, 6 Feb 2001 11:26:33 -0700
Reply-To: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
From: Ben Greenbaum <bgreenbaum@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This appears to not be as big a problem as it might have seemed, based
on the original report.
-------------------------------------------
From: Jonas Thambert <JonasT@guld.spray.se>
I wasn't able to replicate this error on a
fully patched RH 7.0 with BIND 9.1.0.
----------------------------------------------
From: Stephen Clouse <stephenc@theiqgroup.com>
No effect on bind-9.1.0 built from source on linux (slackware-7.0, kernel
2.4.0).
-------------------------------------------
From: Ian Gulliver <ian@penguinhosting.net>
I can't reproduce this using bind 9.1.0 on Linux 2.2.16/glibc 2.1.3 against
nmap 2.54BETA1. The source line listed would trigger if a socket family
other than AF_INET or AF_INET6 was being used. A quick grep through the
nmap source, however, shows nothing other than AF_INET passed to socket().
------------------------------------------------
From: "Smith, John" <john.smith@minolta-qms.com>
I cannot duplicate this with Bind 9.1.0 running on a Solaris 7 box.
The Bind install is plain vanilla (configure, make, make install).
------------------------------------------------
From: Phil Brutsche <pbrutsch@tux.creighton.edu>
I haven't been able to reproduce this so far.
I'm using BIND 9.1.0 on Debian "potato", with Linux kernel 2.4.0, and nmap
2.53 to scan the server.
Hrm... looking at the source, I think there may be other issues with your
crash. From lib/isc/netaddr.c (offending INSIST(0) is underlined):
void
isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) {
        int family = s->type.sa.sa_family;

        t->family = family;
        switch (family) {
        case AF_INET:
                t->type.in = s->type.sin.sin_addr;
                break;
        case AF_INET6:
                memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
                break;
        default:
                INSIST(0);
                ^^^^^^^^^
        }
}
------------------------------------------
From: Lucian Hudin <luci@warp.transart.ro>
The "problem" lies in file netaddr.c in bind 9.1.0, line 231, with
"INSIST(0);"
This is not a bug, imho. You can compile named without asserts.
(#define ISC_CHECK_NONE in include/isc/assertions.h).
void
isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) {
        int family = s->type.sa.sa_family;

        t->family = family;
        switch (family) {
        case AF_INET:
                t->type.in = s->type.sin.sin_addr;
                break;
        case AF_INET6:
                memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
                break;
        default:
                INSIST(0);
        }
}
Searching for INSIST in the source code tree also reveals this:
in "bin/tests/system/resolver/tests.sh"
"# If the server has the "INSIST(!external)" bug, this query will kill it.
$DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1"
Ben Greenbaum
Director of Site Content
SecurityFocus
http://www.securityfocus.com
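
An added illustration, not code from BIND or from any poster in this thread: the conversion quoted above, rewritten so that an unsupported address family is returned to the caller as an error instead of hitting an assertion. Under the assumption that the assertion macro expands to nothing when checks are compiled out, the quoted default branch would return with the address bytes untouched; this variant zeroes the output first. The demo_* names, result codes and struct layouts are simplified stand-ins.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Simplified stand-ins for isc_sockaddr_t / isc_netaddr_t (hypothetical layout). */
typedef struct {
        union { struct sockaddr sa; struct sockaddr_in sin; struct sockaddr_in6 sin6; } type;
} demo_sockaddr_t;
typedef struct {
        int family;
        union { struct in_addr in; struct in6_addr in6; } type;
} demo_netaddr_t;

enum { DEMO_OK = 0, DEMO_FAMILY_UNSUPPORTED = 1 };

/* Fills *t and returns DEMO_OK, or zeroes *t and reports the unsupported family. */
int
demo_netaddr_fromsockaddr(demo_netaddr_t *t, const demo_sockaddr_t *s) {
        int family = s->type.sa.sa_family;

        memset(t, 0, sizeof(*t));       /* never hand back stale address bytes */
        switch (family) {
        case AF_INET:
                t->type.in = s->type.sin.sin_addr;
                break;
        case AF_INET6:
                memcpy(&t->type.in6, &s->type.sin6.sin6_addr, 16);
                break;
        default:
                t->family = AF_UNSPEC;
                return DEMO_FAMILY_UNSUPPORTED; /* caller logs and drops the input */
        }
        t->family = family;
        return DEMO_OK;
}

/* Builds a constructed sockaddr of the given family and converts it. */
int demo_try_family(int family, demo_netaddr_t *out) {
        demo_sockaddr_t s;

        memset(&s, 0, sizeof(s));
        s.type.sa.sa_family = (sa_family_t)family;
        if (family == AF_INET)
                s.type.sin.sin_addr.s_addr = htonl(0x0a350001); /* 10.53.0.1, constructed */
        return demo_netaddr_fromsockaddr(out, &s);
}
```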