NULL pointer dereference in domain_dname() #30

fcambus opened this issue Jul 31, 2019 · 1 comment

@fcambus fcambus commented Jul 31, 2019


While fuzzing nsd-checkzone with Honggfuzz, I found a NULL pointer dereference in the domain_dname() function.

I believe it was introduced by commit b4528a3.

Attaching a reproducer (gzipped so GitHub accepts it): zone04.gz

Issue can be reproduced by running:

nsd-checkzone all.rr zone04

In namedb.h L270 returning domain->dname results in a NULL pointer dereference because domain ends up being NULL:

#0  0x0000041f7a8f3e2b in domain_dname (domain=0x0) at namedb.h:270
270             return (dname_type *) domain->dname;

@wcawijngaards wcawijngaards self-assigned this Jul 31, 2019

@wcawijngaards wcawijngaards commented Jul 31, 2019

Hi again! Thanks for the fuzzing action, this reveals nice corner cases. The domain name is missing and it tries to print it in the error message, but the earlier parse error makes the domain name NULL causing it to error in the error printout. I added a check for the domain name working.
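The failure mode discussed in this thread, as an added example that is not part of the issue and not NSD's code: an error path that formats the owner name must tolerate the owner being NULL after an earlier parse error. The types are simplified stand-ins, and `owner_for_message`, `format_rr_error`, the sample data and the placeholder string are hypothetical names introduced for illustration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for illustration; not NSD's real definitions. */
typedef struct { const char *text; } dname_type;
typedef struct { dname_type *dname; } domain_type;

/* Same shape as the accessor in the backtrace: it assumes domain != NULL. */
static dname_type *domain_dname(const domain_type *domain)
{
    return (dname_type *) domain->dname;
}

/* Hypothetical guarded helper: the error path calls this instead of
 * dereferencing the owner directly, so a missing owner cannot crash it. */
static const char *owner_for_message(const domain_type *domain)
{
    if (domain == NULL || domain->dname == NULL)
        return "<no owner name>";
    return domain_dname(domain)->text;
}

/* Hypothetical error reporter: formats into buf, returns snprintf's result. */
static int format_rr_error(char *buf, size_t len, const domain_type *owner,
                           unsigned line, const char *what)
{
    return snprintf(buf, len, "line %u: %s: %s",
                    line, owner_for_message(owner), what);
}

/* Constructed sample data: one valid owner, one owner with no name. */
static dname_type sample_name = { "example.test." };
static domain_type sample_ok = { &sample_name };
static domain_type sample_no_dname = { NULL };
static char msgbuf[128];

int main(void)
{
    /* Owner is NULL, as after the earlier parse error in the report. */
    format_rr_error(msgbuf, sizeof msgbuf, NULL, 7, "syntax error");
    puts(msgbuf);
    format_rr_error(msgbuf, sizeof msgbuf, &sample_ok, 8, "syntax error");
    puts(msgbuf);
    return strcmp(owner_for_message(&sample_no_dname), "<no owner name>") != 0;
}
```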
