Incorrect TSIG time causes assertion failure buffer.h:960: REQUIRE(((b)->length - (b)->used) >= sizeof(val))
Summary
BIND 9.20.0 stops when received an invalid time with valid TSIG signature.
BIND version affected
only BIND 9.20.0
Steps to reproduce
The primary sends an invalid TSIG time (BADTIME) with a valid TSIG signature. See log.
I.e. only a party with TSIG key can trigger this bug.
What is the current bug behavior?
buffer.h:960: REQUIRE(((b)->length - (b)->used) >= sizeof(val)) failedSee log. I hope the log informations help to resolve the issue.
What is the expected correct behavior?
BIND 9.18.28 did not stop after encountering an invalid time with a valid signature.
Relevant logs
Jul 24 02:20:59 nameserver named[12016]: client @0x7f323dede400 127.0.0.1#50301: request has invalid signature: TSIG tsig1: tsig verify failure (BADTIME)
Jul 24 02:20:59 nameserver named[12016]: ../../lib/isc/include/isc/buffer.h:960: REQUIRE(((b)->length - (b)->used) >= sizeof(val)) failed
Jul 24 02:20:59 nameserver named[12016]: client @0x7f323bcdd400 ::1#53356/key tsig1: received notify for zone 'example.com': TSIG 'tsig1'
Jul 24 02:20:59 nameserver named[12016]: zone example.com/IN: notify from ::1#53356: serial 1721780023
Jul 24 02:20:59 nameserver named[12016]: zone example.com/IN: Transfer started.
Jul 24 02:20:59 nameserver named[12016]: 0x7f3242a90a00: transfer of 'example.com/IN' from 127.0.0.1#53: connected using 127.0.0.1#53 TSIG tsig1
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libisc-9.20.0.so(isc_backtrace_log+0x2f) [0x7f3245fe186f]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/sbin/named(+0x24cc8) [0x562eeb82ccc8]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libisc-9.20.0.so(isc_assertion_failed+0xa) [0x7f3245fe145a]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libdns-9.20.0.so(dns_tsig_sign+0x689) [0x7f3245eddef9]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libdns-9.20.0.so(dns_message_renderend+0x222) [0x7f3245e167e2]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libns-9.20.0.so(ns_client_send+0x2c5) [0x7f3245d49055]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libns-9.20.0.so(ns_client_error+0x14f) [0x7f3245d4a54f]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libns-9.20.0.so(+0x11791) [0x7f3245d4b791]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libns-9.20.0.so(ns_client_request+0x73e) [0x7f3245d4c2fe]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libisc-9.20.0.so(+0x211b9) [0x7f3245fcd1b9]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libisc-9.20.0.so(isc__nm_udp_read_cb+0x1be) [0x7f3245fdfcce]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libuv.so.1(+0x1f256) [0x7f3245689256]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libuv.so.1(+0x2000b) [0x7f324568a00b]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libuv.so.1(+0x229f4) [0x7f324568c9f4]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libuv.so.1(uv_run+0x9b) [0x7f324567b0ab]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libisc-9.20.0.so(+0x4825c) [0x7f3245ff425c]
Jul 24 02:20:59 nameserver named[12016]: /usr/local/lib/libisc-9.20.0.so(+0x59de6) [0x7f3246005de6]
Jul 24 02:20:59 nameserver named[12016]: /lib/x86_64-linux-gnu/libpthread.so.0(+0x7fa3) [0x7f3245248fa3]
Jul 24 02:20:59 nameserver named[12016]: /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f3244fd74cf]
Jul 24 02:20:59 nameserver named[12016]: exiting (due to assertion failure)Edited by Petr Špaček