Skip Menu |

This queue is for tickets about the Net-DNS CPAN distribution.

Report information
The Basics
Id: 88744
Status: resolved
Priority: 0/
Queue: Net-DNS
People
Owner: Nobody in particular
Requestors: Mark [...] infocomm.com
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Sep 17 12:32:47 2013 Mark [...] infocomm.com - Ticket created
CC: Mark Pizzolato - Info Comm <Mark [...] infocomm.com>
Subject: Bug in Net::DNS::Nameserver.pm Version 1096
Date: Tue, 17 Sep 2013 09:32:29 -0700
To: "'bug-Net-DNS [...] rt.cpan.org'" <bug-Net-DNS [...] rt.cpan.org>
From: Mark Pizzolato - Info Comm <Mark [...] infocomm.com>
I've been using the Net::DNS::Namserver object in an application I wrote a couple of years back. This app can get queries from arbitrary sources on the internet, and thus may get malicious or otherwise bogus queries. The app has run quite well for most of the last few years with an unexplained crash happening every few weeks. I had been using # $Id: Nameserver.pm 835 2009-12-29 20:20:38Z olaf $. I finally decided to dig into this strange crash and captured the incoming and outgoing traffic to this app. The last query which arrived at the app was a UDP packet which had the UDP payload of "GET / HTTP/1.1" (without the quotes). Clearly this isn't a DNS query and the code which parsed it failed. That failure wasn't exactly what caused the crash. The crash was caused by the fact that the parse returned an undefined object, and the calling code didn't check for that case and proceeded to reference the object as if it had been properly defined. I changed the original code in the udp_connection which read: my $query = Net::DNS::Packet->new(\$buf); my $conn = { to: my $query = Net::DNS::Packet->new(\$buf); if (not defined $query){ print "Ignoring Bad query from $peerhost:$peerport. Closing socket.\n" if $self->{"Verbose"}; return; } my $conn = { while making this change I realized that the same thing could happen with a TCP query. Crafting such a query would be harder since the length would need to prepended to the bogus query content, but still it could cause a similar crash. I changed the code in tcp_connection which originally read: my $query = Net::DNS::Packet->new(\$qbuf); my $conn = { sockhost => $sock->sockhost(), sockport => $sock->sockport(), peerhost => $sock->peerhost(), peerport => $sock->peerport() }; to: my $query = Net::DNS::Packet->new(\$qbuf); if (not defined $query) { print "Bad query from $peer. Closing socket.\n" if $self->{"Verbose"}; $self->{"select"}->remove($sock); $sock->close(); delete $self->{"_tcp"}{$sock}; return; } my $conn = { sockhost => $sock->sockhost(), sockport => $sock->sockport(), peerhost => $sock->peerhost(), peerport => $sock->peerport() }; I then looked at the latest Net::DNS code from CPAN. As it turns out, someone else had done essentially the same thing with the code in udp_connection, but the issue for a tcp query had not been addressed. The tcp_connection should be fixed also. - Mark Pizzolato

Message body is not shown because it is too large.

  Fri Sep 27 13:32:38 2013 rwfranks [...] acm.org - Correspondence added
From: rwfranks [...] acm.org
Fixed on SVN trunk. WARNING: Net::DNS::Nameserver is intended for generating test inputs on local networks. No attempt has been made to manage the security risks arising from exposure to the internet.
  Fri Sep 27 13:32:39 2013 The RT System itself - Status changed from 'new' to 'open'
  Wed Nov 13 09:35:43 2013 NLNETLABS [...] cpan.org - Correspondence added
This is fixed in the upcoming 0.73 release
  Wed Nov 13 09:35:43 2013 NLNETLABS [...] cpan.org - Status changed from 'open' to 'resolved'