Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dmarc_dns_get_record() calls res_ninit() without zeroing resp first #245

Open
Bill-Sommerfeld opened this issue Sep 5, 2023 · 1 comment
Open

dmarc_dns_get_record() calls res_ninit() without zeroing resp first #245

Bill-Sommerfeld opened this issue Sep 5, 2023 · 1 comment

Comments

@Bill-Sommerfeld
Copy link

The documentation of res_ninit() is inconsistent across different operating systems but generally the caller must zero some or all of the argument structure before calling res_ninit()

This is done consistently in opendmarc_spf_dns.c (memset before res_ninit) but not in opendmarc_dns.c:

OpenDMARC/libopendmarc/opendmarc_dns.c

Lines 205 to 207 in 9cebf72

#ifdef HAVE_RES_NINIT
res_ninit(&resp);
#ifdef RES_USE_DNSSEC

I got a burst of crashes a few hours after enabling opendmarc:

libc.so.1`_free_unlocked+0x16()
libresolv.so.2`res_ndestroy+0x27(fffffc7fee919950)
libresolv.so.2`__res_vinit+0x45(fffffc7fee919950, 0)
libresolv.so.2`res_ninit+0x10(fffffc7fee919950)
libopendmarc.so.2.0.3`dmarc_dns_get_record+0x159(ffffffffffffffff, ffffffffffffffff, fffffc7fee91bbd0)
0xffffffffffffffff()

evidently due to non-zero stack garbage in the memory used for resp. Fix is straightforward:

--- libopendmarc/opendmarc_dns.c.~1~	Tue Sep  5 09:42:40 2023
+++ libopendmarc/opendmarc_dns.c	Tue Sep  5 09:42:57 2023
@@ -203,6 +203,7 @@
 		++bp;
 
 #ifdef HAVE_RES_NINIT   
+	memset(&resp, '\0', sizeof resp);
 	res_ninit(&resp);
 #ifdef RES_USE_DNSSEC
 	resp.options |= RES_USE_DNSSEC;
@futatuki
Copy link

I could confirm that your patch fixes the crash when the milter was called on the end of the message every times on FreeBSD 14.1-RELEASE. Thank you.

(On FreeBSD 14.0-RELEASE, HAVE_RES_NINIT was not defined because of the issue #257)

nanorkyo added a commit to nanorkyo/freebsd-ports that referenced this issue Aug 7, 2024
@nanorkyo
mail/opendmarc: Fix crash on FreeBSD >= 14.1
259dc34 
PR:		279780
Obtained from:	trusteddomainproject/OpenDMARC#245
Tested by:	leres, John R <[email protected]>
Approved by:	hrs (mentor), maintainer timeout
freebsd-git pushed a commit to freebsd/freebsd-ports that referenced this issue Aug 8, 2024
@nanorkyo
mail/opendmarc: Fix crash on FreeBSD >= 14.1
e6b99be 
PR:		279780
Obtained from:	trusteddomainproject/OpenDMARC#245
Tested by:	leres, John R <[email protected]>
Approved by:	hrs (mentor), maintainer timeout (6 weeks)
nanorkyo pushed a commit to nanorkyo/freebsd-ports that referenced this issue Aug 10, 2024
@nanorkyo
mail/opendmarc: Fix crash on FreeBSD >= 14.1
0e91769 
PR:		279780
Obtained from:	trusteddomainproject/OpenDMARC#245
Tested by:	leres, John R <[email protected]>
Approved by:	hrs (mentor), maintainer timeout (6 weeks)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@futatuki @Bill-Sommerfeld