Skip to content

SVCB alpn rdata parsing error in commatxt_fromtext()

Summary

BIND version affected

BIND 9.18.26 (Extended Support Version) id:936d80b running on Linux x86_64 3.10.0-327.ali2012.alios7.x86_64 #1 SMP Mon Oct 9 14:09:14 CST 2017 built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-epoll' '--with-pic' '--with-python=/home/tops/bin/python2.7' '--with-python-install-dir=/home/tops' '--disable-geoip' '--with-tuning=large' '--enable-auto-validation=no' '--without-python' '--disable-doh' '--with-openssl=../openssl/' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'PKG_CONFIG_PATH=:/usr/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/local/lib/pkgconfig:/usr/local/lib64/pkgconfig' compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-28) compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017 linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017 compiled with libuv version: 1.40.0 linked to libuv version: 1.40.0 compiled with zlib version: 1.2.7 linked to zlib version: 1.2.7 threads support is enabled DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 DS algorithms: SHA-1 SHA-256 SHA-384 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512 TKEY mode 2 support (Diffie-Hellman): yes TKEY mode 3 support (GSS-API): yes

default paths: named configuration: /etc/named.conf rndc configuration: /etc/rndc.conf DNSSEC root key: /etc/bind.keys nsupdate session key: /var/run/named/session.key named PID file: /var/run/named/named.pid named lock file: /var/run/named/named.lock

Steps to reproduce

  1. Configure a SVCB RR with ALPN svcbparam with value ",abc" and "a,,abc"
$TTL 1d
svcbtest. IN SOA ns1.svcbtest. mail.svcbtest. (
        1;
        3h;
        1h;
        1w;
        1h );

         IN NS ns1.svcbtest.
ns1.svcbtest. IN A 127.0.0.1
svcb in svcb 1 1.svcb alpn=\,abc
svcb1 in svcb 1 1.svcb alpn=a\,\,abc
  1. Succeed to load zonefile.
#dig @localhost svcbtest. soa

; <<>> DiG 9.18.26 <<>> @localhost svcbtest. soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23935
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d5d285c1e48a135801000000666faaadd4386d8fcc4365a1 (good)
;; QUESTION SECTION:
;svcbtest.			IN	SOA

;; ANSWER SECTION:
svcbtest.		86400	IN	SOA	ns1.svcbtest. mail.svcbtest. 1 10800 3600 604800 3600

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(localhost) (UDP)
;; WHEN: Mon Jun 17 11:17:01 CST 2024
;; MSG SIZE  rcvd: 110
  1. Dig SVCB returns FORMERR
#dig @localhost svcb1.svcbtest svcb
;; Got bad packet: FORMERR
113 bytes
8a e1 85 80 00 01 00 01 00 00 00 01 05 73 76 63          .............svc
62 31 08 73 76 63 62 74 65 73 74 00 00 40 00 01          b1.svcbtest..@..
c0 0c 00 40 00 01 00 01 51 80 00 1e 00 01 01 31          ...@....Q......1
04 73 76 63 62 08 73 76 63 62 74 65 73 74 00 00          .svcb.svcbtest..
01 00 07 01 61 00 03 61 62 63 00 00 29 04 d0 00          ....a..abc..)...
00 00 00 00 1c 00 0a 00 18 71 cb a0 52 30 06 61          .........q..R0.a
30 01 00 00 00 66 6f aa ec 96 9d 29 81 04 e1 d3          0....fo....)....
c3

#dig @localhost svcb.svcbtest svcb
;; Got bad packet: FORMERR
110 bytes
c2 98 85 80 00 01 00 01 00 00 00 01 04 73 76 63          .............svc
62 08 73 76 63 62 74 65 73 74 00 00 40 00 01 c0          b.svcbtest..@...
0c 00 40 00 01 00 01 51 80 00 1c 00 01 01 31 04          ..@....Q......1.
73 76 63 62 08 73 76 63 62 74 65 73 74 00 00 01          svcb.svcbtest...
00 05 00 03 61 62 63 00 00 29 04 d0 00 00 00 00          ....abc..)......
00 1c 00 0a 00 18 0c ac 41 97 97 19 83 27 01 00          ........A....'..
00 00 66 6f ab 10 ac 52 ca d5 c2 69 3b 1a                ..fo...R...i;.

What is the current bug behavior?

SVCB ALPN param value with escaped comma string not being well parsed.

What is the expected correct behavior?

Return syntax error while loading zonefile?

Relevant configuration files

zone "svcbtest" { type master; file "svcbtest"; };

Relevant logs

17-Jun-2024 11:09:30.113 zoneload: zone svcbtest/IN: loaded serial 1
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information