[CVE-2019-6476] Bind randomly goes nuts with critical: exiting (due to assertion failure)
Linux version 4.14.47-64.38.amzn2.x86_64 (gcc version 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)) #1 SMP
bind9.14.2
general: critical: resolver.c:4908: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed
general: critical: exiting (due to assertion failure)
Summary
(Summarize the bug encountered concisely.)
BIND version used
BIND 9.14.2 (Stable Release) id:7a62b30 running on Linux x86_64 4.14.114-103.97.amzn2.x86_64 #1 SMP Sun Apr 28 03:59:40 UTC 2019 built by make with '-prefix=/var/named' '--enable-threads' '--enable-epoll' '--enable-fetchlimi' '--disable-openssl-version-check' '--with-dlz-filesystem' compiled by GCC 7.3.1 20180303 (Red Hat 7.3.1-5) compiled with OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017 linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017 compiled with zlib version: 1.2.7 linked to zlib version: 1.2.7 threads support is enabled
default paths: named configuration: /var/named/etc/named.conf rndc configuration: /var/named/etc/rndc.conf DNSSEC root key: /var/named/etc/bind.keys nsupdate session key: /var/named/var/run/named/session.key named PID file: /var/named/var/run/named/named.pid named lock file: /var/named/var/run/named/named.lock
Steps to reproduce
After the program has been running for some time
What is the current bug behavior?
Bind randomly goes nuts with critical: exiting (due to assertion failure)
What is the expected correct behavior?
(What you should see instead.)
Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
named-checkconf -px
.)
Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code, as it's very hard to read otherwise.)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem.)
/label ~bug
Incident tracking page
https://wiki.isc.org/bin/view/Main/SecurityIncidentChecklist20196476QminAndForwarders