I attempted to submit this bug report via the online form, but that failed ("Failed to send your message. Please try later or contact the administrator by another method.")
Bind, configured with "dlz postgresql", successfully connects to the database, but crashes (or corrupts the heap, randomly) on the very first query submitted, if the "find zone" query receives a "permission denied" error from Postgresql. The problem goes away when I correct the permissions on the table. :) However, BIND should not crash or corrupt its heap on a database query error. I have not reviewed the DLZ postgresql driver code, but I suspect that the error handler needs some tender loving care. :)

Stack trace included (see below):

    CREATE TABLE dns_records
    (
      zone text,
      host text,
      ttl integer,
      type text,
      mx_priority integer,
      data text,
      resp_person text,
      serial integer,
      refresh integer,
      retry integer,
      minimum integer,
      expire integer
    )
    WITH (
      OIDS=FALSE
    );
    ALTER TABLE dns_records OWNER TO pgsql;

(no additional grants, and BIND is configured to connect as the user/role "dns", which does NOT have "select" permission on the table (yet)).

Relevant bind config:

    # http://bind-dlz.sourceforge.net/postgresql_example.html
    # http://bind-dlz.sourceforge.net/postgresql_driver.html
    dlz "postgres zone" {
       database "postgres 2
       {host=REDACTED port=5432 dbname=dns user=dns}
       {select zone from dns_records where zone = '$zone$'}
       {select ttl, type, mx_priority, case when lower(type)='txt' then '\"' || data || '\"' else data end from dns_records where zone = '$zone$' and host = '$record$' and not (type = 'SOA' or type = 'NS')}
       {select ttl, type, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and (type = 'SOA' or type='NS')}
       {select ttl, type, host, mx_priority, data, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$'}
       {select zone from xfr_table where zone = '$zone$' and client = '$client$'}";
    };

Below is a stack trace, followed by other relevant config bits.
(ran "/usr/sbin/named -u named -g -d5" inside "gdb", then sent a request for "A aisd-7.test.local" via "dig"):

    24-Jul-2014 10:18:38.262 client 127.0.0.1#50111: UDP request
    24-Jul-2014 10:18:38.262 client 127.0.0.1#50111: using view '_default'
    24-Jul-2014 10:18:38.262 client 127.0.0.1#50111: request is not signed
    24-Jul-2014 10:18:38.262 client 127.0.0.1#50111: recursion available
    24-Jul-2014 10:18:38.262 client 127.0.0.1#50111: query
    24-Jul-2014 10:18:38.262 Query String: select zone from dns_records where zone = 'aisd-7.test.local'

    *** Error in `/usr/sbin/named': double free or corruption (!prev): 0x08168828 ***

    Program received signal SIGABRT, Aborted.
    0xb7fdd424 in __kernel_vsyscall ()
    (gdb) bt
    #0  0xb7fdd424 in __kernel_vsyscall ()
    #1  0xb7a3298f in raise () from /lib/libc.so.6
    #2  0xb7a341a3 in abort () from /lib/libc.so.6
    #3  0xb7a74115 in __libc_message () from /lib/libc.so.6
    #4  0xb7a7a732 in malloc_printerr () from /lib/libc.so.6
    #5  0xb7a7b490 in _int_free () from /lib/libc.so.6
    #6  0xb7d40546 in PQclear () from /usr/lib/libpq.so.5
    #7  0x080b3686 in postgres_findzone ()
    #8  0xb7f06e82 in dns_sdlzfindzone () from /usr/lib/libdns.so.100
    #9  0xb7e3d546 in dns_dlzfindzone () from /usr/lib/libdns.so.100
    #10 0x0807cdb4 in query_getdb ()
    #11 0x08082bc6 in query_find ()
    #12 0x0808e701 in ns_query_start ()
    #13 0x0806e91d in client_request ()
    #14 0xb7d8f0d0 in isc__taskmgr_dispatch () from /usr/lib/libisc.so.95
    #15 0xb7d93224 in evloop () from /usr/lib/libisc.so.95
    #16 0xb7d939ea in isc__app_ctxrun () from /usr/lib/libisc.so.95
    #17 0xb7d93e6d in isc__app_run () from /usr/lib/libisc.so.95
    #18 0x08067c8d in main ()
    (gdb) quit

    mad-dns-3 net-dns # named -V
    BIND 9.9.5 (Extended Support Version) <id:f9b8a50e> built by make with '--prefix=/usr' '--build=i686-pc-linux-gnu' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--libdir=/usr/lib' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--with-libtool' '--enable-full-report' '--disable-threads' '--with-dlopen' '--with-dlz-filesystem' '--with-dlz-stub' '--with-dlz-postgres' '--without-dlz-mysql' '--with-dlz-bdb' '--without-dlz-ldap' '--without-dlz-odbc' '--with-openssl=/usr' '--with-ecdsa' '--without-idn' '--disable-ipv6' '--without-libxml2' '--disable-newstats' '--without-gssapi' '--disable-rpz-nsip' '--disable-rpz-nsdname' '--disable-linux-caps' '--without-gost' '--disable-filter-aaaa' '--disable-fixed-rrset' '--disable-rrl' '--without-python' '--without-readline' '--with-randomdev=/dev/random' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-O2 -march=i686 -pipe -I/usr/include/db4.8' 'LDFLAGS=-Wl,-O1 -Wl,--as-needed'
    compiled by GCC 4.7.3
    using OpenSSL version: OpenSSL 1.0.1h 5 Jun 2014

    mad-dns-3 ~ # dig @127.0.0.1 A aisd-7.test.local

    ; <<>> DiG 9.9.5 <<>> @127.0.0.1 A aisd-7.test.local
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

ASCII dump of TCP capture between BIND server and POSTGRESQL server:
(Yes, the database is not properly configured yet, but BIND should not crash just because postgresql returns an error message instead of a query result):

    ........user.dns.database.dns..R........S....application_name..S....client_encoding.UTF8.S....DateStyle.ISO, MDY.S....integer_datetimes.on.S....IntervalStyle.postgres.S....is_superuser.off.S....server_encoding.UTF8.S....server_version.9.3.4.S....session_authorization.dns.S...#standard_conforming_strings.on.S....TimeZone.US/Central.K........`d.IZ....IQ...Bselect zone from dns_records where zone = 'aisd-7.test.local'.E..._SERROR.C42501.Mpermission denied for relation dns_records.Faclchk.c.L3371.Raclcheck_error..Z....IQ...Bselect zone from dns_records where zone = 'aisd-7.test.local'.E..._SERROR.C42501.Mpermission denied for relation dns_records.Faclchk.c.L3371.Raclcheck_error..Z....IQ...Bselect zone from dns_records where zone = 'aisd-7.test.local'.E..._SERROR.C42501.Mpermission denied for relation dns_records.Faclchk.c.L3371.Raclcheck_error..Z....I

Cleaned up ASCII dump of the postgresql conversation:

    Query: select zone from dns_records where zone = 'aisd-7.test.local'
    Response: ERROR.C42501. permission denied for relation dns_records.
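The manual clean-up of the capture can be done mechanically. The following is an added example, not part of the original post and not BIND or PostgreSQL code: a decoder for the PostgreSQL v3 message framing visible in the dump (type byte, 4-byte big-endian length, payload) that extracts severity, SQLSTATE and message from each ErrorResponse. The sample bytes are constructed from the field values shown in the capture, and all function names are illustrative.

```python
import struct

def build_error_response(fields):
    """Encode an ErrorResponse ('E') message from (code, text) pairs."""
    body = b"".join(c.encode() + t.encode() + b"\x00" for c, t in fields) + b"\x00"
    return b"E" + struct.pack("!I", len(body) + 4) + body

# Constructed sample: the error fields visible in the capture, followed by
# ReadyForQuery ('Z', idle). The untyped startup packet is assumed to be stripped.
SAMPLE = build_error_response([
    ("S", "ERROR"), ("C", "42501"),
    ("M", "permission denied for relation dns_records"),
    ("F", "aclchk.c"), ("L", "3371"), ("R", "aclcheck_error"),
]) + b"Z" + struct.pack("!I", 5) + b"I"

def iter_messages(stream):
    """Yield (type_byte, payload) for each complete typed message in stream."""
    pos = 0
    while pos + 5 <= len(stream):
        mtype = stream[pos:pos + 1]
        (length,) = struct.unpack("!I", stream[pos + 1:pos + 5])
        end = pos + 1 + length  # the length field counts itself, not the type byte
        if length < 4 or end > len(stream):
            raise ValueError(f"truncated or malformed message at offset {pos}")
        yield mtype, stream[pos + 5:end]
        pos = end
    if pos != len(stream):
        raise ValueError("trailing bytes after last complete message")

def parse_error_fields(payload):
    """Split an ErrorResponse payload into {field_code: text}."""
    fields = {}
    for item in payload.split(b"\x00"):
        if item:  # skip the empty pieces left by the terminators
            fields[chr(item[0])] = item[1:].decode("utf-8", "replace")
    return fields

def summarize(stream):
    """Return (SQLSTATE, severity, message) for every ErrorResponse in stream."""
    errors = []
    for mtype, payload in iter_messages(stream):
        if mtype == b"E":
            f = parse_error_fields(payload)
            errors.append((f.get("C"), f.get("S"), f.get("M")))
    return errors

if __name__ == "__main__":
    for sqlstate, severity, message in summarize(SAMPLE):
        print(f"{severity} {sqlstate}: {message}")
```

The encoded length of the constructed message is 95 (0x5f, ASCII `_`), which matches the `E..._` prefix in the capture.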