Subject: Re: BIND for secondary zone dumps core.
To: Lars-Johan Liman <liman@autonomica.se>
From: Greywolf <greywolf@starwolf.com>
List: current-users
Date: 07/09/2001 13:08:25
[Greg Woods deleted from the cc since he's on current-users]

More in the saga.  I enabled 193.10.90.131.  I note that the address
in the core file is c0cbe60a, or 192.203.230.10, which happens to be
e.root-servers.net.

Latest coredump shows:

...
Core was generated by `named'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/libexec/ld.elf_so...done.
Reading symbols from /usr/lib/libc.so.12...done.
#0  0x39a14 in ns_resp (msg=0xefffed68 "<¸\200", msglen=480, from={
      sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 53, sin_addr = {
        s_addr = 3234588170}, sin_zero = "\000\000\000\000\000\000\000"}, 
    qsp=0x0)
    at /export/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_resp.c:459
459			if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr))
(gdb) #0  0x39a14 in ns_resp (msg=0xefffed68 "<¸\200", msglen=480, from={
      sin_len = 16 '\020', sin_family = 2 '\002', sin_port = 53, sin_addr = {
        s_addr = 3234588170}, sin_zero = "\000\000\000\000\000\000\000"}, 
    qsp=0x0)
    at /export/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_resp.c:459
#1  0x2c6e8 in dispatch_message (msg=0xefffed68 "<¸\200", msglen=480, 
    buflen=512, qsp=0x0, from={sin_len = 16 '\020', sin_family = 2 '\002', 
      sin_port = 53, sin_addr = {s_addr = 3234588170}, 
      sin_zero = "\000\000\000\000\000\000\000"}, dfd=4, ifp=0xefffed9b)
    at /export/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_main.c:1160
#2  0x2c424 in datagram_read (lev={opaque = 0x106000}, uap=0x0, fd=4, evmask=1)
    at /export/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_main.c:1102
#3  0x6430c in __evDispatch (opaqueCtx={opaque = 0xc55b8}, opaqueEv={
      opaque = 0x1})
    at /export/src/usr.sbin/bind/lib/../../../dist/bind/lib/isc/eventlib.c:487
#4  0x2ad90 in main (argc=770048, argv=0xbc000, envp=0x84400)
    at /export/src/usr.sbin/bind/named/../../../dist/bind/bin/named/ns_main.c:552
#5  0x12138 in ___start ()
(gdb) 

On Mon, 9 Jul 2001, Lars-Johan Liman wrote:

# Date: Mon, 09 Jul 2001 09:41:03 +0200
# From: Lars-Johan Liman <liman@autonomica.se>
# To: greywolf@starwolf.com
# Cc: current-users@netbsd.org, woods@weird.com
# Subject: Re: BIND for secondary zone dumps core.
# 
# woods@weird.com:
# > We could take this offline I guess, though it seems as if there
# > could be good lessons for other readers.
# 
# If you do, please keep me in the Cc: list.
# 
# Greywolf,
# 
# Any chance that you could open up for AXFR from the _master_? I would
# like to see if this is reproducible on other platforms, and play
# around with different versions of BIND to find the extent of this
# "vulnerability". If so, please open up for 193.10.90.131.
# 
# 				Best regards,
# 				  /Lars-Johan Liman
# 				   a.k.a. hostmaster@i.root-servers.net

				--*greywolf;
--
NetBSD: Microsoft ask you where you want to go.  BSD gets you there.