Skip to content

GitLab

Open
Created by Philip Prindeville@pprindeville

isc-dhcp server crashing when applying dynamic dns updates to bind

Describe the bug Attempting to configure a DHCP server to update the local BIND server via the rndc channel, but it's crashing on the first update in a catalog-related function.

To Reproduce Steps to reproduce the behavior:

  1. Run dhcpd with the config below.

  2. A client requests a lease, and dhcpd sends an update to bind.

  3. Bind responds to dhcpd, which promptly segfaults.

  4. See error

Dec 10 16:47:56 OpenWrt dhcpd: DHCPREQUEST for 192.168.2.7 from 14:7d:da:30:e6:2d via eth0.2
Dec 10 16:47:56 OpenWrt dhcpd: DHCPACK on 192.168.2.7 to 14:7d:da:30:e6:2d via eth0.2
Dec 10 16:47:56 OpenWrt named[12134]: client @0x6242a00 127.0.0.1#40875/key rndc-key: update 'redfish-solutions.com/IN' denied
Dec 10 16:47:56 OpenWrt kernel: [276717.908462] dhcpd[14927]: segfault at 3 ip 00007f62152aba4b sp 00007ffe57143ce0 error 4 in libc.so[7f621529d000+49000]

and the backtrace:

(gdb) info stack
#0  0x00007f66d350aa4b in catgets (catd=0xffffffffffffffff, set_id=2, 
    msg_id=1, s=0x5bd0cc "success") at src/locale/catgets.c:19
#1  0x0000000000593aa9 in isc_result_tomany_helper.isra ()
#2  0x000000000056a6b5 in req_response ()
#3  0x0000000000599c64 in isc.taskmgr_dispatch ()
#4  0x000000000059c78e in evloop ()
#5  0x000000000059cb1c in isc.app_ctxrun ()
#6  0x00000000004451eb in dispatch ()
#7  0x000000000040529a in main ()
(gdb)

and the dependencies of dhcpd when built for x86_64 on OpenWRT master:

root@OpenWrt:~# ldd /usr/sbin/dhcpd
	/lib/ld-musl-x86_64.so.1 (0x7f502f253000)
	libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7f502f23f000)
	libc.so => /lib/ld-musl-x86_64.so.1 (0x7f502f253000)
root@OpenWrt:~#

Expected behavior Misconfiguration should result it errors, not crashes.

Environment:

  • 4.4.1
  • OpenWRT x86_64 w/ MUSL
  • Configured (through the packaging system) as:
AR="x86_64-openwrt-linux-musl-gcc-ar" AS="x86_64-openwrt-linux-musl-gcc -c -Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -fmacro-prefix-map=/home/philipp/lede/build_dir/target-x86_64_musl/isc-dhcp-ipv6/dhcp-4.4.1=dhcp-4.4.1 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fcommon" LD=x86_64-openwrt-linux-musl-ld NM="x86_64-openwrt-linux-musl-gcc-nm" CC="x86_64-openwrt-linux-musl-gcc" GCC="x86_64-openwrt-linux-musl-gcc" CXX="x86_64-openwrt-linux-musl-g++" RANLIB="x86_64-openwrt-linux-musl-gcc-ranlib" STRIP=x86_64-openwrt-linux-musl-strip OBJCOPY=x86_64-openwrt-linux-musl-objcopy OBJDUMP=x86_64-openwrt-linux-musl-objdump SIZE=x86_64-openwrt-linux-musl-size CFLAGS="-Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -fmacro-prefix-map=/home/philipp/lede/build_dir/target-x86_64_musl/isc-dhcp-ipv6/dhcp-4.4.1=dhcp-4.4.1 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fcommon " CXXFLAGS="-Os -pipe -fno-caller-saves -fno-plt -fhonour-copts -Wno-error=unused-but-set-variable -Wno-error=unused-result -fmacro-prefix-map=/home/philipp/lede/build_dir/target-x86_64_musl/isc-dhcp-ipv6/dhcp-4.4.1=dhcp-4.4.1 -Wformat -Werror=format-security -fstack-protector -D_FORTIFY_SOURCE=1 -Wl,-z,now -Wl,-z,relro -fcommon " CPPFLAGS="-I/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/usr/include -I/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/include/fortify -I/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/include " LDFLAGS="-L/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/usr/lib -L/home/philipp/lede/staging_dir/toolchain-x86_64_gcc-8.4.0_musl/lib -znow -zrelro "   ./configure --target=x86_64-openwrt-linux --host=x86_64-openwrt-linux --build=x86_64-pc-linux-gnu --program-prefix="" --program-suffix="" --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib --sysconfdir=/etc --datadir=/usr/share --localstatedir=/var --mandir=/usr/man --infodir=/usr/info   --enable-paranoia --disable-dependency-tracking --with-randomdev=/dev/urandom ac_cv_file__dev_random=yes --enable-dhcpv6

Additional Information My config:

authoritative;
ddns-domainname "redfish-solutions.com.";
ddns-rev-domainname "in-addr.arpa.";
ddns-update-style interim;
ignore client-updates;
update-static-leases on;
use-host-decl-names on;
option domain-name "redfish-solutions.com.";
include "/tmp/run/dhcpd-rndc.key";
update-optimization off;
update-conflict-detection off;
# include "/etc/bind/rndc.conf";

zone redfish-solutions.com. {
	primary 127.0.0.1;
	key rndc-key;
}

zone 168.192.in-addr.arpa. {
	primary 127.0.0.1;
	key rndc-key;
}

log-facility daemon;
default-lease-time 3600;
max-lease-time 86400;
option domain-name "redfish-solutions.com";

# additional codes
option classless-ipv4-route code 121 = array of { unsigned integer 8 };

subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.128 192.168.1.160;
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.1.255;
 default-lease-time 43200;
 max-lease-time 43200;
 option routers 192.168.1.252;
 option domain-name-servers 192.168.1.252;
 option domain-search "redfish-solutions.com", "redfish-consulting.com";
 option ntp-servers 192.168.1.40, 192.168.1.252;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
 range 192.168.2.16 192.168.2.254;
 option subnet-mask 255.255.255.0;
 option broadcast-address 192.168.2.255;
 default-lease-time 3600;
 max-lease-time 3600;
 option routers 192.168.2.1;
 option domain-name-servers 192.168.2.1;
 option domain-search "redfish-solutions.com", "redfish-consulting.com";
 option ntp-servers 192.168.1.40, 192.168.2.1;
}
host pbx {
 fixed-address 192.168.1.1;
 option host-name "pbx";
}
...

Some initial questions N/A

Is your feature request related to a problem? Please describe. N/A

Describe the solution you'd like It would be nice if (1) it didn't crash, obviously, and (2) there was a top-level build option to disable message catalogs, like --disable-nls.

Describe alternatives you've considered If I patch dhcp-4.4.1/bind/Makefile.in as:

...
 		(cd ${bindsrcdir} &&                                    \
+                 ac_cv_func_catgets=no                                 \
                  ./configure ${bindconfig} > ${binddir}/configure.log); \
...

then I don't see this problem.

Additional context N/A

Funding its development N/A

Participating in development I'm willing to spend time developing and/or testing a fix.

Contacting you philipp@redfish-solutions.com