[CVE-2020-8621] Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
Summary
Similar to issue 1219, I am getting repeated periodic bind crashes. I am on Ubuntu Server 20.04 LTS, fully patched and up to date. This is installed from the ISC Bind9 PPA using the focal release.
BIND version used
BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
running on Linux x86_64 5.4.0-33-generic #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-cWwckC/bind9-9.16.4=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 9.3.0
compiled with OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
linked to OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.4.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
Steps to reproduce
Not sure. named is running fine and suddenly I will notice resolving slows on clients as DNS reverts to the secondary resolver; upon checking the service status, it is "failed" in systemd. The service restarts but then crashes intermittently, approximately every 1-3 days.
What is the current bug behavior?
Service fails and resolving stops.
What is the expected correct behavior?
Service should not fail/stop.
Relevant configuration files
root@HOST:~# named-checkconf -px
...
[Sanitized by @mnowak.]
Relevant logs and/or screenshots
Console output of /var/log/bind/bind.log
30-Jun-2020 00:00:02.536 general: notice: all zones loaded
30-Jun-2020 00:00:02.536 general: notice: running
30-Jun-2020 10:19:36.354 general: critical: resolver.c:5104: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back trace
30-Jun-2020 10:19:36.354 general: critical: #0 0x55b9b83ff083 in ??
30-Jun-2020 10:19:36.354 general: critical: #1 0x7f4ea095cac0 in ??
30-Jun-2020 10:19:36.354 general: critical: #2 0x7f4ea0b26675 in ??
30-Jun-2020 10:19:36.354 general: critical: #3 0x7f4ea0b29e90 in ??
30-Jun-2020 10:19:36.354 general: critical: #4 0x7f4ea0b2fdb8 in ??
30-Jun-2020 10:19:36.354 general: critical: #5 0x7f4ea0b348a1 in ??
30-Jun-2020 10:19:36.354 general: critical: #6 0x7f4ea0984d51 in ??
30-Jun-2020 10:19:36.354 general: critical: #7 0x7f4ea0425609 in ??
30-Jun-2020 10:19:36.354 general: critical: #8 0x7f4ea034c103 in ??
30-Jun-2020 10:19:36.354 general: critical: exiting (due to assertion failure)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem.)
Edited by Michal Nowak
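A way to spot this failure in `bind.log`, added here as an example (it is not part of the original report and not BIND's own code): the Python script below scans lines in the log format shown above for assertion failures and summarizes the backtrace that follows each one. The function name, the regular expressions and the abridged sample are assumptions made for the illustration.

```python
import re
from datetime import datetime

# File-log line as in the excerpt: "<dd-Mon-yyyy hh:mm:ss.mmm> <category>: <severity>: <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<category>[\w-]+): (?P<severity>\w+): (?P<msg>.*)$")
# Assertion message: "<file>:<line>: <KIND>(<expression>) failed"
ASSERT_RE = re.compile(
    r"^(?P<file>[\w./-]+):(?P<line>\d+): "
    r"(?P<kind>REQUIRE|ENSURE|INSIST|INVARIANT)\((?P<expr>.*)\) failed")
FRAME_RE = re.compile(r"^#\d+ 0x[0-9a-f]+ in (?P<sym>\S+)")

def find_assertion_crashes(lines):
    """Return one record per assertion failure, with its backtrace summary."""
    crashes, current = [], None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["severity"] != "critical":
            continue
        a = ASSERT_RE.match(m["msg"])
        if a:
            current = {
                "time": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
                "file": a["file"], "line": int(a["line"]),
                "kind": a["kind"], "expr": a["expr"],
                "frames": 0, "unresolved": 0, "exited": False}
            crashes.append(current)
        elif current is not None:
            f = FRAME_RE.match(m["msg"])
            if f:
                current["frames"] += 1
                # "??" means the frame was not symbolized
                current["unresolved"] += int(f["sym"] == "??")
            elif m["msg"].startswith("exiting (due to assertion failure)"):
                current["exited"] = True
                current = None
    return crashes

# Lines taken from the report's log excerpt, backtrace abridged to three frames.
SAMPLE = """\
30-Jun-2020 00:00:02.536 general: notice: running
30-Jun-2020 10:19:36.354 general: critical: resolver.c:5104: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back trace
30-Jun-2020 10:19:36.354 general: critical: #0 0x55b9b83ff083 in ??
30-Jun-2020 10:19:36.354 general: critical: #1 0x7f4ea095cac0 in ??
30-Jun-2020 10:19:36.354 general: critical: #2 0x7f4ea0b26675 in ??
30-Jun-2020 10:19:36.354 general: critical: exiting (due to assertion failure)
""".splitlines()

if __name__ == "__main__":
    for c in find_assertion_crashes(SAMPLE):
        print(f'{c["time"]:%Y-%m-%d %H:%M:%S} {c["kind"]} at {c["file"]}:{c["line"]} '
              f'({c["unresolved"]}/{c["frames"]} frames unsymbolized, exited={c["exited"]})')
```

Run over a full `bind.log`, it yields one record per crash, so the gaps between the `time` values show how often the assertion recurs.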