BIND issues
https://gitlab.isc.org/isc-projects/bind9/-/issues
2021-07-12T07:22:51Z

https://gitlab.isc.org/isc-projects/bind9/-/issues/2817
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
2021-07-12T07:22:51Z
Ondřej Surý

Found by ossfuzz:
```
[Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-d76d7bd8ebb5b351b84bf2047ba1e3c4c126abe6
Time ran: 0.05019402503967285
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3998893740
INFO: Loaded 1 modules (113688 inline 8-bit counters): 113688 [0x103ace8, 0x1056900),
INFO: Loaded 1 PC tables (113688 PCs): 113688 [0x1056900,0x1212a80),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-d76d7bd8ebb5b351b84bf2047ba1e3c4c126abe6
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
include/isc/mem.h:478:1: note: returns_nonnull attribute specified here
#0 0x95a4bb in isc__mem_get bind9/lib/isc/mem.c:740:1
#1 0x93c28f in isc_buffer_allocate bind9/lib/isc/buffer.c:543:25
#2 0x5254b2 in unknown_fromtext bind9/lib/dns/rdata.c:882:2
#3 0x523e6d in dns_rdata_fromtext bind9/lib/dns/rdata.c:979:13
#4 0x4b5fff in LLVMFuzzerTestOneInput bind9/fuzz/dns_rdata_fromwire_text.c:173:11
#5 0x443d93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#6 0x42f4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x4351ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#8 0x45eca2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fa08774183f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
#10 0x40a5a8 in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mem.c:739:2 in
ORIGINAL STACKTRACE ON REVISION D7AA979A6C3F5A639012EC5981992FC8A3867525 (43 LINES)
[Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b3e3b33147ec29ee51c4add23be2f25febb5b351b84bf2047ba1e3c4c126abe6
Time ran: 0.04110836982727051
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 4192504056
INFO: Loaded 1 modules (113688 inline 8-bit counters): 113688 [0x103ace8, 0x1056900),
INFO: Loaded 1 PC tables (113688 PCs): 113688 [0x1056900,0x1212a80),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b3e3b33147ec29ee51c4add23be2f25febb5b351b84bf2047ba1e3c4c126abe6
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
include/isc/mem.h:478:1: note: returns_nonnull attribute specified here
#0 0x95a4bb in isc__mem_get bind9/lib/isc/mem.c:740:1
#1 0x93c28f in isc_buffer_allocate bind9/lib/isc/buffer.c:543:25
#2 0x5254b2 in unknown_fromtext bind9/lib/dns/rdata.c:882:2
#3 0x523e6d in dns_rdata_fromtext bind9/lib/dns/rdata.c:979:13
#4 0x4b5fff in LLVMFuzzerTestOneInput bind9/fuzz/dns_rdata_fromwire_text.c:173:11
#5 0x443d93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#6 0x42f4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x4351ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#8 0x45eca2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fd7daa3f83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
#10 0x40a5a8 in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mem.c:739:2 in
```
August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2816
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
2021-07-12T08:23:42Z
Ondřej Surý

Found by ossfuzz:
```
[Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-d76d7bd8ebb5b351b84bf2047ba1e3c4c126abe6
Time ran: 0.05019402503967285
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 3998893740
INFO: Loaded 1 modules (113688 inline 8-bit counters): 113688 [0x103ace8, 0x1056900),
INFO: Loaded 1 PC tables (113688 PCs): 113688 [0x1056900,0x1212a80),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/crash-d76d7bd8ebb5b351b84bf2047ba1e3c4c126abe6
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
include/isc/mem.h:478:1: note: returns_nonnull attribute specified here
#0 0x95a4bb in isc__mem_get bind9/lib/isc/mem.c:740:1
#1 0x93c28f in isc_buffer_allocate bind9/lib/isc/buffer.c:543:25
#2 0x5254b2 in unknown_fromtext bind9/lib/dns/rdata.c:882:2
#3 0x523e6d in dns_rdata_fromtext bind9/lib/dns/rdata.c:979:13
#4 0x4b5fff in LLVMFuzzerTestOneInput bind9/fuzz/dns_rdata_fromwire_text.c:173:11
#5 0x443d93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#6 0x42f4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x4351ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#8 0x45eca2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fa08774183f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
#10 0x40a5a8 in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mem.c:739:2 in
ORIGINAL STACKTRACE ON REVISION D7AA979A6C3F5A639012EC5981992FC8A3867525 (43 LINES)
[Environment] UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1
+----------------------------------------Release Build Stacktrace----------------------------------------+
Command: /mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer -rss_limit_mb=2560 -timeout=60 -runs=100 /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b3e3b33147ec29ee51c4add23be2f25febb5b351b84bf2047ba1e3c4c126abe6
Time ran: 0.04110836982727051
INFO: Running with entropic power schedule (0xFF, 100).
INFO: Seed: 4192504056
INFO: Loaded 1 modules (113688 inline 8-bit counters): 113688 [0x103ace8, 0x1056900),
INFO: Loaded 1 PC tables (113688 PCs): 113688 [0x1056900,0x1212a80),
/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_bind9_9f24385eb8a2bc6fb33e75dbdae3dfe52925ab00/revisions/dns_rdata_fromwire_text_fuzzer: Running 1 inputs 100 time(s) each.
Running: /mnt/scratch0/clusterfuzz/bot/inputs/fuzzer-testcases/b3e3b33147ec29ee51c4add23be2f25febb5b351b84bf2047ba1e3c4c126abe6
mem.c:739:2: runtime error: null pointer returned from function declared to never return null
include/isc/mem.h:478:1: note: returns_nonnull attribute specified here
#0 0x95a4bb in isc__mem_get bind9/lib/isc/mem.c:740:1
#1 0x93c28f in isc_buffer_allocate bind9/lib/isc/buffer.c:543:25
#2 0x5254b2 in unknown_fromtext bind9/lib/dns/rdata.c:882:2
#3 0x523e6d in dns_rdata_fromtext bind9/lib/dns/rdata.c:979:13
#4 0x4b5fff in LLVMFuzzerTestOneInput bind9/fuzz/dns_rdata_fromwire_text.c:173:11
#5 0x443d93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#6 0x42f4d2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#7 0x4351ae in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#8 0x45eca2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#9 0x7fd7daa3f83f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/libc-start.c:291
#10 0x40a5a8 in _start
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior mem.c:739:2 in
```
August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2815
Crashes related to memory reallocation on OpenBSD
2021-07-13T12:00:06Z
Michał Kępień

New crashes, which seem to be related to memory reallocation, have been
recently observed on OpenBSD:
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1856101
```
D:fetchlimit:Core was generated by `named'.
D:fetchlimit:Program terminated with signal SIGSEGV, Segmentation fault.
D:fetchlimit:#0 isc___nmhandle_get (sock=0x4bdedbe5008, peer=<optimized out>, local=<optimized out>) at netmgr/netmgr.c:1658
D:fetchlimit:1658 INSIST(sock->ah_handles[pos] == NULL);
D:fetchlimit:[Current thread is 1 (process 414524)]
D:fetchlimit:#0 isc___nmhandle_get (sock=0x4bdedbe5008, peer=<optimized out>, local=<optimized out>) at netmgr/netmgr.c:1658
D:fetchlimit:#1 0x000004bd59eb8689 in isc__nm_get_read_req (sock=0x4bdedbe5008, sockaddr=0x4be16fdaae8) at netmgr/netmgr.c:2113
D:fetchlimit:#2 0x000004bd59ec666c in udp_recv_cb (handle=<optimized out>, nrecv=39, buf=0x4be16fdad70, addr=0x4be16fdac40, flags=<optimized out>) at netmgr/udp.c:402
D:fetchlimit:#3 0x000004bd6f10c137 in uv.udp_io () from /usr/local/lib/libuv.so.3.0
D:fetchlimit:#4 0x000004bd6f10da19 in uv.io_poll () from /usr/local/lib/libuv.so.3.0
D:fetchlimit:#5 0x000004bd6f0fc0b8 in uv_run () from /usr/local/lib/libuv.so.3.0
D:fetchlimit:#6 0x000004bd59eb0d6b in nm_thread (worker0=0x4be100990b8) at netmgr/netmgr.c:682
D:fetchlimit:#7 0x000004bd59f01d73 in isc__trampoline_run (arg=0x4be100b5580) at trampoline.c:180
D:fetchlimit:#8 0x000004be3b384f51 in _rthread_start (v=<optimized out>) at /usr/src/lib/librthread/rthread.c:96
D:fetchlimit:#9 0x000004be0da71a5a in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:84
```
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1856602
```
D:fetchlimit:Core was generated by `named'.
D:fetchlimit:Program terminated with signal SIGABRT, Aborted.
D:fetchlimit:#0 thrkill () at /tmp/-:3
D:fetchlimit:[Current thread is 1 (process 478794)]
D:fetchlimit:#0 thrkill () at /tmp/-:3
D:fetchlimit:#1 0x000009cadd8db7be in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51
D:fetchlimit:#2 0x000009c8758fb913 in assertion_failed (file=<optimized out>, line=<optimized out>, type=<optimized out>, cond=<optimized out>) at main.c:249
D:fetchlimit:#3 0x000009ca795aeca0 in isc_assertion_failed (file=0x0, line=6, type=isc_assertiontype_require, cond=0x9cadd92dffa <thrkill+10> "r\001\303d\211\004% ") at assertions.c:47
D:fetchlimit:#4 0x000009ca795c2ec4 in mem_putstats (ctx=0x9ca7638f008, ptr=<optimized out>, size=13744632839234567870) at mem.c:386
D:fetchlimit:#5 isc__mem_reallocate (ctx=0x9ca7638f008, old_ptr=0x9cad038e408, new_size=512, file=0x9ca7957e4b2 "netmgr/netmgr.c", line=1645) at mem.c:899
D:fetchlimit:#6 0x000009ca7959bcf2 in isc___nmhandle_get (sock=0x9cb270af008, peer=<optimized out>, local=<optimized out>) at netmgr/netmgr.c:1643
D:fetchlimit:#7 0x000009ca7959d689 in isc__nm_get_read_req (sock=0x9cb270af008, sockaddr=0x9cb655d0318) at netmgr/netmgr.c:2113
D:fetchlimit:#8 0x000009ca795ab66c in udp_recv_cb (handle=<optimized out>, nrecv=39, buf=0x9cb655d05a0, addr=0x9cb655d0470, flags=<optimized out>) at netmgr/udp.c:402
D:fetchlimit:#9 0x000009cb515e8137 in uv.udp_io () from /usr/local/lib/libuv.so.3.0
D:fetchlimit:#10 0x000009cb515e9a19 in uv.io_poll () from /usr/local/lib/libuv.so.3.0
D:fetchlimit:#11 0x000009cb515d80b8 in uv_run () from /usr/local/lib/libuv.so.3.0
D:fetchlimit:#12 0x000009ca79595d6b in nm_thread (worker0=0x9ca954680b8) at netmgr/netmgr.c:682
D:fetchlimit:#13 0x000009ca795e6d73 in isc__trampoline_run (arg=0x9cb70b6dc00) at trampoline.c:180
D:fetchlimit:#14 0x000009cadeacdf51 in _rthread_start (v=<optimized out>) at /usr/src/lib/librthread/rthread.c:96
D:fetchlimit:#15 0x000009cadd94acca in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:84
```
It looks like these flaws might have been uncovered by !5252. @ondrej
[said][1] that they are related to OpenBSD not exposing `malloc_size()`
or `malloc_usable_size()` and us having to work around it. He also
[proposed][2] a fix.
[1]: https://gitlab.isc.org/isc-projects/bind9/-/issues/2812#note_224856
[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/2812#note_224858

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2814
Build named with DLZ is broken on 9.17
2022-01-19T11:20:47Z
Matthijs Mekking
matthijs@isc.org

`configure.ac` disables DLZ:
```
# FIXME BEGIN
#sinclude(contrib/dlz/config.dlz.in)
# AC_MSG_CHECKING(contributed DLZ drivers)
#
# if test -n "$CONTRIB_DLZ"
# then
# AC_MSG_RESULT(yes)
# DLZ_DRIVER_RULES=contrib/dlz/drivers/rules
# AC_CONFIG_FILES([$DLZ_DRIVER_RULES
# contrib/dlz/modules/mysql/Makefile
# contrib/dlz/modules/mysqldyn/Makefile])
# else
# AC_MSG_RESULT(no)
# DLZ_DRIVER_RULES=/dev/null
# fi
#
# AC_SUBST(CONTRIB_DLZ)
# AC_SUBST(DLZ_DRIVER_INCLUDES)
# AC_SUBST(DLZ_DRIVER_LIBS)
# AC_SUBST(DLZ_DRIVER_SRCS)
# AC_SUBST(DLZ_DRIVER_OBJS)
# AC_SUBST(DLZ_SYSTEM_TEST)
# AC_SUBST_FILE(DLZ_DRIVER_RULES)
# this ensures the configure summary report comes out right
test -z "$with_dlz_bdb" && with_dlz_bdb=no
test -z "$with_dlz_ldap" && with_dlz_ldap=no
test -z "$with_dlz_mysql" && with_dlz_mysql=no
test -z "$with_dlz_odbc" && with_dlz_odbc=no
test -z "$with_dlz_postgres" && with_dlz_postgres=no
test -z "$with_dlz_filesystem" && with_dlz_filesystem=no
test -z "$with_dlz_stub" && with_dlz_stub=no
# FIXME END
```
October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2813
Build named with DLZ is broken on 9.16
2022-05-16T10:30:17Z
Matthijs Mekking
matthijs@isc.org

```
gcc -include /home/vagrant/git/bind9/config.h -I/home/vagrant/git/bind9 -I../.. -I./include -I./unix/include -I. -I/home/vagrant/git/bind9/lib/ns/include -I../../lib/ns/include -I/home/vagrant/git/bind9/lib/dns/include -I../../lib/dns/include -I/home/vagrant/git/bind9/lib/bind9/include -I../../lib/bind9/include -I/home/vagrant/git/bind9/lib/isccfg/include -I../../lib/isccfg/include -I/home/vagrant/git/bind9/lib/isccc/include -I../../lib/isccc/include -I/home/vagrant/git/bind9/lib/isc/include -I../../lib/isc -I../../lib/isc/include -I../../lib/isc/unix/include -I../../lib/isc/pthreads/include -I../../contrib/dlz/drivers/include -I/usr/include/mysql -DCONTRIB_DLZ -DDLZ_MYSQL -g -O2 -pthread -fPIC -W -Wall -Wmissing-prototypes -Wcast-qual -Wwrite-strings -Wformat -Wpointer-arith -Wno-missing-field-initializers -fno-strict-aliasing -c ../../contrib/dlz/drivers/dlz_mysql_driver.c
../../contrib/dlz/drivers/dlz_mysql_driver.c:66:14: error: conflicting types for ‘my_bool’
typedef bool my_bool;
^~~~~~~
In file included from ../../contrib/dlz/drivers/dlz_mysql_driver.c:45:0:
/usr/include/mysql/mysql.h:53:14: note: previous declaration of ‘my_bool’ was here
typedef char my_bool;
^~~~~~~
Makefile:632: recipe for target 'dlz_mysql_driver.o' failed
make[2]: *** [dlz_mysql_driver.o] Error 1
```
May 2022 (9.16.29, 9.16.29-S1, 9.18.3, 9.19.1)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2812
memory leak in main
2021-07-14T19:06:07Z
Ondřej Surý

I can more-or-less reliably reproduce the following crash:
```
D:rrl:Core was generated by `/home/ondrej/Projects/bind9/bin/named/.libs/named -D rrl-ns2 -X named.lock -m r'.
D:rrl:Program terminated with signal SIGABRT, Aborted.
D:rrl:#0 0x00007fdc2dd8e7bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
D:rrl:#0 0x00007fdc2dd8e7bb in raise () from /lib/x86_64-linux-gnu/libc.so.6
D:rrl:#1 0x00007fdc2dd79535 in abort () from /lib/x86_64-linux-gnu/libc.so.6
D:rrl:#2 0x000055dc9eb46c2f in assertion_failed (file=<optimized out>, line=<optimized out>, type=isc_assertiontype_insist, cond=0x7fdc2ea7aa97 "malloced == 0") at main.c:249
D:rrl:#3 0x00007fdc2ea31971 in isc_assertion_failed (file=file@entry=0x7fdc2ea7a958 "mem.c", line=line@entry=550, type=type@entry=isc_assertiontype_insist, cond=cond@entry=0x7fdc2ea7aa97 "malloced == 0") at assertions.c:47
D:rrl:#4 0x00007fdc2ea44583 in destroy (ctx=ctx@entry=0x55dca054da60) at jemalloc_shim.h:37
D:rrl:#5 0x00007fdc2ea448f4 in isc__mem_destroy (ctxp=0x55dc9ebade88 <named_g_mctx>, file=<optimized out>, line=<optimized out>) at mem.c:645
D:rrl:#6 0x000055dc9eb48d04 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1556
D:rrl:--------------------------------------------------------------------------------
```
The memleak analysis points to:
```
add 0x7fdc0c039740 size 256 file netmgr/netmgr.c line 1480 mctx 0x55dca054da60
add 0x7fdc0c0c8a00 size 536 file netmgr/netmgr.c line 1647 mctx 0x55dca054da60
add 0x7fdc0c0395f0 size 256 file netmgr/netmgr.c line 1478 mctx 0x55dca054da60
add 0x7fdc0c6c9010 size 536 file netmgr/netmgr.c line 1644 mctx 0x55dca054da60
```
As it does happen only intermittently and in the softhsm2.4 branch (which is kind of broken - jemalloc+softhsm2.4 is no-no-no), it was only found later that this happens on "vanilla" build.
We changed the `isc_mem_allocate()` and `isc_mem_free()` on the `ah_frees` and `ah_handles` to `isc_mem_put()` and `isc_mem_put()`, but missed the fact that `isc_mem_reallocate()` is being used on L1642 and L1645.

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2811
checkds code may fail to release all resources on shutdown
2021-07-13T09:50:39Z
Michał Kępień

The "checkds" system test has been failing intermittently on FreeBSD:
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1845792
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1847239
- https://gitlab.isc.org/isc-projects/bind9/-/jobs/1851457
These failures are caused not by the test itself failing (the actual
Python tests are skipped), but rather by `named` assertion failures
triggered by outstanding memory allocations at shutdown.
I assumed these are happening because `named` is shut down very shortly
after startup. By looking at the list of outstanding allocations, I was
able to determine that the leaked allocations are instances of the
`dns_message_t` structure along with its various members. All of these
`dns_message_t` objects had `from_to_wire` set to
`DNS_MESSAGE_INTENTRENDER`, which made me look at
`checkds_send_toaddr()`, where these objects are allocated.
I believe there is a bug in there that prevents the `dns_message_t`
object (referenced by the `message` stack variable) from being released
when the `dns_request_createvia()` call fails (e.g. because
`requestmgr->exiting` is `true`, which is what happens at shutdown):
```diff
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index bbd2da00fda..cb6f47870f4 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -21231,7 +21231,7 @@ checkds_send_toaddr(isc_task_t *task, isc_event_t *event) {
checkds->zone, ISC_LOG_DEBUG(3),
"checkds: dns_request_createvia() to %s failed: %s",
addrbuf, dns_result_totext(result));
- goto cleanup;
+ goto cleanup_key;
}
cleanup_key:
```
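Review bot: the changed `goto cleanup_key;` in the `dns_request_createvia()` failure branch jumps to the label that directly follows the closing brace, so the jump itself is a no-op and the effective fix is the removal of `goto cleanup;`. If the `goto` is kept, a one-line comment stating that this path must pass through `cleanup_key` would keep a later edit from reintroducing the skip. It is also worth confirming that the `cleanup` label still has other users, so that it does not become an unused label.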
(Note that the `goto` statement can also be removed altogether, but
perhaps it is more future-proof to leave it there, in case more code
gets added at a later time.)
To reproduce the problem, apply the following patch:
```diff
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index bbd2da00fda..1790f7d3ada 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -14,6 +14,7 @@
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
+#include <unistd.h>
#include <isc/atomic.h>
#include <isc/file.h>
@@ -21222,6 +21223,7 @@ checkds_send_toaddr(isc_task_t *task, isc_event_t *event) {
timeout = 15;
options |= DNS_REQUESTOPT_TCP;
+ sleep(1);
result = dns_request_createvia(
checkds->zone->view->requestmgr, message, &src, &checkds->dst,
dscp, options, key, timeout * 3, timeout, 0,
```
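Review bot: the `sleep(1)` placed immediately before `dns_request_createvia()` in the second hunk stalls every call to `checkds_send_toaddr()` unconditionally, and the first hunk pulls in `<unistd.h>` only to support it. As a reproduction aid both lines should stay out of the tree; a regression test that shuts `named` down while a DS check is queued would cover the same window without touching `zone.c`.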
and run the `checkds` system test on a platform where the Python tests
for checkds are skipped.
I do not think this is significant enough to fix in July releases - it
only happens if `named` is shut down around the time a DS check is
queued and only triggers an assertion failure *at shutdown*.

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Matthijs Mekking
matthijs@isc.org

https://gitlab.isc.org/isc-projects/bind9/-/issues/2810
Silence untrusted loop bound
2021-07-14T19:09:27Z
Mark Andrews

```
630
1. tainted_argument: Calling function dns_rdata_tostruct taints argument nsec3param.iterations. [show details]
631 result = dns_rdata_tostruct(nsec3rdata, &nsec3param, NULL);
2. Condition !!(result == 0), taking true branch.
3. Condition !!(result == 0), taking true branch.
632 RUNTIME_CHECK(result == ISC_R_SUCCESS);
633
634 dns_fixedname_init(&fixed);
CID 281425 (#1 of 1): Untrusted loop bound (TAINTED_SCALAR)
4. tainted_data: Passing tainted expression nsec3param.iterations to dns_nsec3_hashname, which uses it as a loop boundary. [show details]
Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
635 result = dns_nsec3_hashname(&fixed, rawhash, &rhsize, vctx->origin,
636 vctx->origin, nsec3param.hash,
637 nsec3param.iterations, nsec3param.salt,
638 nsec3param.salt_length);
```

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2809
Make quota configurable for DoH
2021-08-09T11:48:30Z
Artem Boldariev

Currently, DoH shares the quota with TCP, which makes
little sense anyway (see `tcp-clients` option), because of the nature of
interaction of DoH clients: they tend to keep idle opened connections
for longer periods of time, preventing the TCP and TLS client from
being served.
Because of these differences, it makes sense for DoH to have a separate quota facility. Also, it makes sense to make the number of streams per connection configurable as well, as these are treated as virtual connections by the code.
*See !5036 for additional details.*

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Artem Boldariev

https://gitlab.isc.org/isc-projects/bind9/-/issues/2808
unchecked returns in rbtdb_test.c and dnssec-signzone.c
2021-07-14T19:14:21Z
Mark Andrews

rbtdb_test.c
```
134 isc_buffer_add(&b, strlen(str1));
CID 332455 (#1 of 2): Unchecked return value (CHECKED_RETURN) [select issue]
135 dns_name_fromtext(name1, &b, dns_rootname, 0, NULL);
136
137 name2 = dns_fixedname_initname(&fname2);
138 isc_buffer_constinit(&b, str2, strlen(str2));
139 isc_buffer_add(&b, strlen(str2));
CID 332455 (#2 of 2): Unchecked return value (CHECKED_RETURN)
1. check_return: Calling dns_name_fromtext without checking return value (as is done elsewhere 137 out of 157 times).
140 dns_name_fromtext(name2, &b, dns_rootname, 0, NULL);
```
```
199 isc_buffer_add(&b, strlen(str1));
CID 332453 (#1 of 2): Unchecked return value (CHECKED_RETURN) [select issue]
200 dns_name_fromtext(name1, &b, dns_rootname, 0, NULL);
201
202 name2 = dns_fixedname_initname(&fname2);
203 isc_buffer_constinit(&b, str1, strlen(str1));
204 isc_buffer_add(&b, strlen(str1));
CID 332453 (#2 of 2): Unchecked return value (CHECKED_RETURN)
1. check_return: Calling dns_name_fromtext without checking return value (as is done elsewhere 137 out of 157 times).
205 dns_name_fromtext(name2, &b, dns_rootname, 0, NULL);
```
dnssec-signzone.c
```
385
CID 332452 (#1 of 1): Unchecked return value (CHECKED_RETURN)
1. check_return: Calling isc_rwlock_lock without checking return value (as is done elsewhere 98 out of 100 times).
386 isc_rwlock_lock(&keylist_lock, isc_rwlocktype_read);
387 key = keythatsigned_unlocked(rrsig);
CID 332454: Unchecked return value (CHECKED_RETURN) [select issue]
388 isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_read);
```

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2807
Coverity reports use of tainted scalar
2021-07-14T19:07:03Z
Mark Andrews

```
2607
43. tainted_argument: Calling function journal_read_xhdr taints argument xhdr.size. [show details]
2608 result = journal_read_xhdr(j1, &xhdr);
44. Condition rewrite, taking true branch.
45. Condition result == 29, taking false branch.
2609 if (rewrite && result == ISC_R_NOMORE) {
2610 break;
2611 }
46. Condition result != 0, taking false branch.
2612 CHECK(result);
2613
47. var_assign_var: Assigning: size = xhdr.size. Both are now tainted.
2614 size = xhdr.size;
CID 331088 (#3 of 3): Untrusted allocation size (TAINTED_SCALAR)
48. tainted_data: Passing tainted expression size to isc__mem_get, which uses it as an allocation size. [show details]
Ensure that tainted values are properly sanitized, by checking that their values are within a permissible range.
2615 buf = isc_mem_get(mctx, size);
```

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Mark Andrews

https://gitlab.isc.org/isc-projects/bind9/-/issues/2804
Release Checklist for BIND 9.11.34, BIND 9.11.34-S1, BIND 9.16.19, BIND 9.16.19-S1, 9.17.16
2021-07-28T13:05:20Z
Michal Nowak

## Release Schedule
**Code Freeze:** Wednesday, June 30th, 2021
**Tagging Deadline:** Wednesday, July 12th, 2021
**Public Release:** Wednesday, July 21st, 2021
## Documentation Review Links
**Closed issues assigned to the milestone without a release note:**
- [9.17.16](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&not[label_name][]=Release%20Notes&not[label_name][]=Duplicate&label_name[]=v9.17)
- [9.16.19](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&not[label_name][]=Release%20Notes&not[label_name][]=Duplicate&label_name[]=v9.16)
- [9.11.34](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&utf8=%E2%9C%93&state=closed&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&not[label_name][]=Release%20Notes&not[label_name][]=Duplicate&label_name[]=v9.11)
**Merge requests merged into the milestone without a release note:**
- [9.17.16](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&not[label_name][]=Release%20Notes&target_branch=main)
- [9.16.19](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&not[label_name][]=Release%20Notes&target_branch=v9_16)
- [9.11.34](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&not[label_name][]=Release%20Notes&target_branch=v9_11)
**Merge requests merged into the milestone without a `CHANGES` entry:**
- [9.17.16](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&label_name[]=No%20CHANGES&target_branch=main)
- [9.16.19](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&label_name[]=No%20CHANGES&target_branch=v9_16)
- [9.11.34](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=July%202021%20(9.11.34%2C%209.11.34-S1%2C%209.16.19%2C%209.16.19-S1%2C%209.17.16)&label_name[]=No%20CHANGES&target_branch=v9_11)
## Release Checklist
### Before the Code Freeze
- [x] ***(QA)*** Inform Support and Marketing of impending release (and give estimated release dates).
- [x] ***(QA)*** Ensure there are no permanent test failures on any platform.
- [x] ***(QA)*** Check Perflab to ensure there has been no unexplained drop in performance for the versions being released.
- [x] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- [x] ***(QA)*** Ensure that there are no outstanding merge requests in the private repository[^1] (Subscription Edition only).
- [x] ***(QA)*** Ensure all merge requests marked for backporting have been indeed backported.
- [x] ***(QA)*** Announce (on Mattermost) that the code freeze is in effect.
### Before the Tagging Deadline
- [x] ***(QA)*** Look for outstanding documentation issues (e.g. `CHANGES` mistakes) and address them if any are found.
- [x] ***(QA)*** Ensure release notes are correct, ask Support and Marketing to check them as well.
- [x] ***(QA)*** Update API files for libraries with new version information.
- [x] ***(QA)*** Change software version and library versions in `configure.ac` (new major release only).
- [x] ***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org`.
- [x] ***(QA)*** Update `CHANGES`.
- [x] ***(QA)*** Update `CHANGES.SE` (Subscription Edition only).
- [x] ***(QA)*** Update `README.md`.
- [x] ***(QA)*** Update `version`.
- [x] ***(QA)*** Build documentation on `docs.isc.org`.
- [x] ***(QA)*** Check that the formatting is correct for text, PDF, and HTML versions of release notes.
- [x] ***(QA)*** Check that the formatting of the generated man pages is correct.
- [x] ***(QA)*** Tag the releases in the private repository (`git tag -s -m "BIND 9.x.y" v9_x_y`).
### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
- [x] ***(QA)*** Verify GitLab CI results for the tags created and prepare a QA report for the releases to be published.
- [x] ***(QA)*** Announce (on Mattermost) that the code freeze is over.
- [x] ***(QA)*** Request signatures for the tarballs, providing their location and checksums.
- [x] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- [x] ***(QA)*** Verify tarball signatures and check tarball checksums again.
- [x] ***(Support)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- [x] ***(QA)*** Build and test ASN and/or Subscription Edition packages.
- [x] ***(QA)*** Notify Support that the releases have been prepared.
- [x] ***(Support)*** Send out ASNs (if applicable).
### On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *bind-announce*.
- [x] ***(Support)*** Write email to *bind-users* (if a major release).
- [x] ***(Support)*** Send eligible customers updated links to the Subscription Edition (update the -S edition delivery tickets, even if those links were provided earlier via an ASN ticket).
- [x] ***(Support)*** Update tickets in case of waiting support customers.
- [x] ***(QA)*** Build and test any outstanding private packages.
- [x] ***(QA)*** Build public packages (`*.deb`, RPMs).
- [x] ***(QA)*** Inform Marketing of the release.
- [x] ***(QA)*** Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
- [x] ***(Marketing)*** Post short note to Twitter.
- [x] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- [x] ***(Marketing)*** Write blog article (if a major release).
- [x] ***(QA)*** Ensure all new tags are annotated and signed.
- [x] ***(QA)*** Push tags for the published releases to the public repository.
- [x] ***(QA)*** Merge the automatically prepared `prep 9.x.y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_x`).
- [x] ***(QA)*** For each maintained branch, update the `BIND_BASELINE_VERSION` variable for the `abi-check` job in `.gitlab-ci.yml` to the latest published BIND version tag for a given branch.
- [x] ***(QA)*** Prepare empty release notes for the next set of releases.
- [x] ***(QA)*** Sanitize confidential issues which are assigned to the current release milestone and do not describe a security vulnerability, then make them public.
- [x] ***(QA)*** Sanitize confidential issues which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2].
- [x] ***(QA)*** Update QA tools used in GitLab CI (e.g. Flake8, PyLint) by modifying the relevant `Dockerfile`.
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
[^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure.

July 2021 (9.11.34, 9.11.34-S1, 9.16.19, 9.16.19-S1, 9.17.16)
Michal Nowak
2021-07-21

https://gitlab.isc.org/isc-projects/bind9/-/issues/2802
Fix missed occurrences of renaming masters to primaries
2022-03-01T11:39:16Z
Matthijs Mekking matthijs@isc.org

Issue #1992 dealt with renaming `masters` to `primaries`.
Ondrej noticed there are some leftover occurrences: https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5234#note_223058
Fix this occurrence and review if we missed others.

March 2022 (9.11.37, 9.11.37-S1, 9.16.27, 9.16.27-S1, 9.18.1)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2801
unit test netmgr_test of 9.17.15 fails reliably on s390x
2022-05-30T10:14:14Z
Petr Menšík

<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
netmgr_test fails always on 9.17.15 builds
### BIND version used
```
BIND 9.17.15 (Development Release) <id:a3a1875>
running on Linux s390x 5.13.0-0.rc7.20210624git7426cedc7dad.54.fc35.s390x #1 SMP Thu Jun 24 15:11:21 UTC 2021
built by make with '--build=s390x-ibm-linux-gnu' '--host=s390x-ibm-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-gssapi=yes' '--with-lmdb=yes' '--with-json-c' '--enable-dnstap' '--with-cmocka' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=s390x-ibm-linux-gnu' 'host_alias=s390x-ibm-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=zEC12 -mtune=z13 -fasynchronous-unwind-tables -fstack-clash-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 11.1.1 20210623 (Red Hat 11.1.1-6)
compiled with OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
compiled with libuv version: 1.41.0
linked to libuv version: 1.41.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.12
linked to libxml2 version: 20912
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
- build 9.17.15 on Fedora rawhide, arch s390x (fails on f34 too)
- make unit
What I have used:
- git clone https://src.fedoraproject.org/forks/pemensik/rpms/bind.git
- cd bind
- git checkout v9_17
- fedpkg builddep bind.spec
- fedpkg --release rawhide local
- or fedpkg --release rawhide scratch-build --arch s390x --srpm
### What is the current *bug* behavior?
```
make[5]: Entering directory '/builddir/build/BUILD/bind-9.17.15/build/lib/isc/tests'
PASS: aes_test
PASS: buffer_test
PASS: counter_test
PASS: crc64_test
PASS: doh_test
PASS: errno_test
PASS: file_test
PASS: hash_test
PASS: heap_test
PASS: hmac_test
PASS: ht_test
PASS: lex_test
PASS: md_test
PASS: mem_test
PASS: netaddr_test
FAIL: netmgr_test
PASS: parse_test
PASS: pool_test
PASS: quota_test
PASS: radix_test
PASS: random_test
PASS: regex_test
PASS: result_test
PASS: safe_test
PASS: siphash_test
PASS: sockaddr_test
PASS: socket_test
PASS: symtab_test
PASS: task_test
PASS: taskpool_test
PASS: time_test
PASS: timer_test
============================================================================
Testsuite summary for BIND 9.17.15
============================================================================
# TOTAL: 32
# PASS: 31
# SKIP: 0
# XFAIL: 0
# FAIL: 1
# XPASS: 0
# ERROR: 0
============================================================================
See lib/isc/tests/test-suite.log
Please report to info@isc.org
============================================================================
```
### What is the expected *correct* behavior?
All PASS, FAIL: 0
### Relevant configuration files
Used [bind.spec](https://src.fedoraproject.org/fork/pemensik/rpms/bind/blob/v9_17/f/bind.spec).
### Relevant logs and/or screenshots
```
$ ./netmgr_test
[==========] Running 81 test(s).
[ RUN ] mock_listenudp_uv_udp_open
[ OK ] mock_listenudp_uv_udp_open
[ RUN ] mock_listenudp_uv_udp_bind
[ OK ] mock_listenudp_uv_udp_bind
[ RUN ] mock_listenudp_uv_udp_recv_start
[ OK ] mock_listenudp_uv_udp_recv_start
[ RUN ] mock_udpconnect_uv_udp_open
[ OK ] mock_udpconnect_uv_udp_open
[ RUN ] mock_udpconnect_uv_udp_bind
[ OK ] mock_udpconnect_uv_udp_bind
[ RUN ] mock_udpconnect_uv_udp_connect
[ OK ] mock_udpconnect_uv_udp_connect
[ RUN ] mock_udpconnect_uv_recv_buffer_size
[ OK ] mock_udpconnect_uv_recv_buffer_size
[ RUN ] mock_udpconnect_uv_send_buffer_size
[ OK ] mock_udpconnect_uv_send_buffer_size
[ RUN ] udp_noop
[ OK ] udp_noop
[ RUN ] udp_noresponse
[ OK ] udp_noresponse
[ RUN ] udp_timeout_recovery
[ OK ] udp_timeout_recovery
[ RUN ] udp_recv_one
$ echo $?
255
```
```
(gdb) bt
#0 __GI_exit (status=status@entry=-1) at exit.c:143
#1 0x000003fffde8296e in exit_test (quit_application=1) at /usr/src/debug/cmocka-1.1.5-9.fc35.s390x/src/cmocka.c:408
#2 0x000003fffde82a7a in _fail (file=file@entry=0x2aa00018c8c "../../../../lib/isc/tests/netmgr_test.c",
line=<optimized out>) at /usr/src/debug/cmocka-1.1.5-9.fc35.s390x/src/cmocka.c:2196
#3 0x000003fffde82b3c in _assert_true (result=0, line=<optimized out>,
file=0x2aa00018c8c "../../../../lib/isc/tests/netmgr_test.c",
expression=0x2aa00018f3a "region->length >= sizeof(magic)")
at /usr/src/debug/cmocka-1.1.5-9.fc35.s390x/src/cmocka.c:1730
#4 0x000002aa000078c2 in listen_read_cb (handle=<optimized out>, eresult=<optimized out>,
region=region@entry=0x3fffd0395c8, cbarg=0x0) at ../../../../lib/isc/tests/netmgr_test.c:537
#5 0x000003fffdda9b16 in isc__nm_async_readcb (worker=worker@entry=0x0, ev0=ev0@entry=0x3fffd039680)
at ../../../lib/isc/netmgr/netmgr.c:2739
#6 0x000003fffdda9c98 in isc__nm_readcb (sock=sock@entry=0x2aa00e5fd30, uvreq=<optimized out>, eresult=eresult@entry=0)
at ../../../lib/isc/netmgr/netmgr.c:2714
#7 0x000002aa00005cba in udp_recv_cb (handle=<optimized out>, nrecv=0, buf=0x3fffd0398b8, addr=0x3fffd039748,
flags=<optimized out>) at ../../../../lib/isc/tests/../netmgr/udp.c:420
#8 0x000003fffdd22cc2 in uv__udp_recvmsg (handle=0x2aa00e603f0) at src/unix/udp.c:304
#9 uv__udp_io (loop=<optimized out>, w=0x2aa00e60470, revents=<optimized out>) at src/unix/udp.c:180
#10 0x000003fffdd26b78 in uv__io_poll (loop=0x2aa004d68b0, timeout=<optimized out>) at src/unix/linux-core.c:462
#11 0x000003fffdd163e0 in uv_run (loop=loop@entry=0x2aa004d68b0, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:385
#12 0x000003fffddad4f0 in nm_thread (worker0=0x2aa004d68a0) at ../../../lib/isc/netmgr/netmgr.c:746
#13 0x000003fffddf2696 in isc__trampoline_run (arg=0x2aa0057c850) at ../../../lib/isc/trampoline.c:184
#14 0x000003fffdb9a8a2 in start_thread (arg=<optimized out>) at pthread_create.c:429
#15 0x000003fffdc12d8e in thread_start () at ../sysdeps/unix/sysv/linux/s390/s390-64/clone.S:67
(gdb) frame 4
#4 0x000002aa000078c2 in listen_read_cb (handle=<optimized out>, eresult=<optimized out>,
region=region@entry=0x3fffd0395c8, cbarg=0x0) at ../../../../lib/isc/tests/netmgr_test.c:537
537 assert_true(region->length >= sizeof(magic));
(gdb) p region->length
$1 = 0
(gdb) p sizeof(magic)
$2 = 8
(gdb) p region
$3 = (isc_region_t *) 0x3fffd0395c8
(gdb) p *region
$4 = {base = 0x2aa0057d270 "", length = 0}
```
```
# cat /proc/cpuinfo
vendor_id : IBM/S390
# processors : 2
bogomips per cpu: 3033.00
max thread id : 0
features : esan3 zarch stfle msa ldisp eimm dfp edat etf3eh highgprs te vx sie
facilities : 0 1 2 3 4 6 7 8 9 10 12 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 30 31 32 33 34 35 36 37 40 41 42 43 44 45 46 47 48 49 50 51 52 53 55 57 73 74 75 76 77 80 81 82 128 129 131
cache0 : level=1 type=Data scope=Private size=128K line_size=256 associativity=8
cache1 : level=1 type=Instruction scope=Private size=96K line_size=256 associativity=6
cache2 : level=2 type=Data scope=Private size=2048K line_size=256 associativity=8
cache3 : level=2 type=Instruction scope=Private size=2048K line_size=256 associativity=8
cache4 : level=3 type=Unified scope=Shared size=65536K line_size=256 associativity=16
cache5 : level=4 type=Unified scope=Shared size=491520K line_size=256 associativity=30
processor 0: version = FF, identification = 3233E8, machine = 2964
processor 1: version = FF, identification = 3233E8, machine = 2964
cpu number : 0
physical id : 0
core id : 0
book id : 0
drawer id : 0
dedicated : 0
address : 0
siblings : 1
cpu cores : 1
version : FF
identification : 3233E8
machine : 2964
cpu MHz dynamic : 5000
cpu MHz static : 5000
cpu number : 1
physical id : 1
core id : 1
book id : 1
drawer id : 1
dedicated : 0
address : 1
siblings : 1
cpu cores : 1
version : FF
identification : 3233E8
machine : 2964
cpu MHz dynamic : 5000
cpu MHz static : 5000
```
Strangely, this failure is not printed to stdout or stderr; it just exits from the test with error code 255.
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)
It reliably fails on Fedora 34 too. No idea why it always fails on s390x. I have also seen a failure on an x86_64 builder, which I could not reproduce on my own machines. s390x fails always. Could be related to CPU count?

June 2022 (9.16.30, 9.16.30-S1, 9.18.4, 9.19.2)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2799
documentation for Administrative Tools is out of sync with manual pages
2022-04-04T11:32:17Z
Petr Špaček pspacek@isc.org

### BIND version used
v9.16.18
### Steps to reproduce
Compare content of:
- https://bind9.readthedocs.io/en/v9_16_18/configuration.html#administrative-tools
- https://bind9.readthedocs.io/en/v9_16_18/manpages.html#named-checkconf-named-configuration-file-syntax-checking-tool
- https://bind9.readthedocs.io/en/v9_16_18/manpages.html#rndc-name-server-control-utility
### What is the current *bug* behavior?
Section Administrative Tools duplicates man pages, but in a lame way:
- `named-checkconf` does not list all the options manpage lists
- `named-checkzone` description is just weird
- section is missing links to man pages
### Possible fixes
I think the section is due for rewrite. Maybe it can work as simple guidepost which points to individual manpages? Like one sentence about each tool + link?
### Relevant logs and/or screenshots
![image](/uploads/4a14dd593624f8ed13ce5a13aea30d77/image.png)

April 2022 (9.16.28, 9.16.28-S1, 9.18.2, 9.19.0)
Petr Špaček pspacek@isc.org

https://gitlab.isc.org/isc-projects/bind9/-/issues/2797
network buffer size limits are enforced incorrectly and always overwrite tcp-receive-buffer
2021-07-08T08:56:35Z
Petr Špaček pspacek@isc.org

### Summary
When enforcing limits for out of range values on configuration options tcp-send-buffer, udp-receive-buffer, udp-send-buffer, the enforced value always overwrites tcp-receive-buffer instead of the problematic value.
### BIND version affected
v9.17.13 up to current main (33394f11c387396c06210320b408a6f9ffe93ddc)
### Steps to reproduce
Configure one of tcp-send-buffer, udp-receive-buffer, udp-send-buffer with an out of range value (< 4096, > 2^32).
### What is the current *bug* behavior?
- Limit >= 4096, <= 2^32 is not enforced on these three options.
- Allowed minimal/maximal value overwrites `tcp-receive-buffer` value!
### What is the expected *correct* behavior?
Well, limits are enforced properly.
### Relevant configuration files
```
options {
tcp-send-buffer <an out of range value>;
udp-receive-buffer <an out of range value>;
udp-send-buffer <an out of range value>;
};
```

July 2021 (9.11.34, 9.11.34-S1, 9.16.19, 9.16.19-S1, 9.17.16)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2796
Add more configuration options to control TLS context (enough to implement Perfect Forward Secrecy)
2022-01-21T13:28:21Z
Artem Boldariev

It would be nice for us to borrow more configuration options from NGINX, which is an industry standard. As far as I can tell, borrowing the following options will make it possible to implement [Perfect Forward Secrecy](https://en.wikipedia.org/wiki/Forward_secrecy) in BIND:
* An ability to specify supported ciphers: [ssl_ciphers](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ciphers);
* An ability to specify Diffie-Hellman parameters for DHE ciphers: [ssl_dhparam](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_dhparam);
* An ability to inform client that server ciphers should be preferred: [ssl_prefer_server_ciphers](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_prefer_server_ciphers);
* An ability to enable/disable TLS session tickets: [ssl_session_tickets](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets).
Implementing this is hugely beneficial for both DoH and DoT.
The end result could look like this:
```
tls some-tls {
...
ciphers "HIGH:!aNULL:!MD5";
dhparam-file "/path/to/dh3072.pem"; // theoretically, we could compile in a default value for it. this needs more research.
prefer-server-ciphers yes;
session-tickets no;
...
};
```
*Loosely related to #2775*

October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)
Artem Boldariev

https://gitlab.isc.org/isc-projects/bind9/-/issues/2795
We should have ability to specify supported TLS protocol versions
2022-01-19T11:20:48Z
Artem Boldariev

Currently, it is not possible to specify supported TLS protocol versions. In some environments it might be required or, at least, useful. In particular, only TLSv1.3 and higher should be used for XoT.
We could model the behaviour for configuring this from e.g. NGINX. It has [`ssl_protocols`](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols) option where multiple TLS protocol versions could be specified. It could look like this:
```
tls some-tls {
...
protocols {TLSv1.2, TLSv1.3};
...
};
```
It is going to be useful for both DoH and DoT.
*The issue is a half of #2775.*

October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)
Artem Boldariev

https://gitlab.isc.org/isc-projects/bind9/-/issues/2794
DNS-over-TLS should use "dot" ALPN
2021-10-11T13:00:53Z
Artem Boldariev

Although [RFC7858] does not seem to mention any specific ALPNs for DoT, the [RFC9103 for XoT](https://datatracker.ietf.org/doc/html/draft-ietf-dprive-xfr-over-tls) mentions that `dot` MUST be used (see section [7.1](https://datatracker.ietf.org/doc/html/rfc9103)).
> During connection establishment the Application-Layer Protocol
Negotiation (ALPN) token "dot" [DoT-ALPN] MUST be selected in the TLS
handshake.
Thus, we should just use `dot` as ALPN for all DoT connections as it [is registered](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids) as ALPN for DoT.
*This issue is a part of #2775.*

October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)
Artem Boldariev

https://gitlab.isc.org/isc-projects/bind9/-/issues/2793
Bind 9.16 Release notes typo
2021-08-09T07:55:45Z
Peter Davies

Bind 9.16 Release notes typo
https://downloads.isc.org/isc/bind9/9.16.18/doc/arm/html/notes.html#notes-for-bind-9-16-11.
"As of BIND 9.17.8, named attempts to distribute incoming queries among multiple threads ..."
Shouldn't this be 9.16.11?

August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Michał Kępień