GNU bug report logs - #25757
Fix segfault when adns_strerror() is called with a value, for which there is no message defined

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: adns; Reported by: Tomas Hozza <thozza@HIDDEN>; dated Thu, 16 Feb 2017 16:36:02 UTC; Maintainer for adns is adns-discuss@HIDDEN.

Message received at 25757 <at> debbugs.gnu.org:


Received: (at 25757) by debbugs.gnu.org; 27 Feb 2017 17:29:32 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 27 12:29:32 2017
Received: from localhost ([127.0.0.1]:58615 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1ciP76-0001pd-Ez
	for submit <at> debbugs.gnu.org; Mon, 27 Feb 2017 12:29:32 -0500
Received: from chiark.greenend.org.uk ([212.13.197.229]:38756
 ident=Debian-exim) by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ijackson@HIDDEN>) id 1ciP74-0001pV-Oq
 for 25757 <at> debbugs.gnu.org; Mon, 27 Feb 2017 12:29:31 -0500
Received: by chiark.greenend.org.uk (Debian Exim 4.84_2 #1) with local
 (return-path ijackson@HIDDEN)
 id 1ciP73-00037K-Jc; Mon, 27 Feb 2017 17:29:29 +0000
From: Ian Jackson <ijackson@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <22708.25081.508647.685714@HIDDEN>
Date: Mon, 27 Feb 2017 17:29:29 +0000
To: Tomas Hozza <thozza@HIDDEN>
Subject: Re: bug#25757: Fix segfault when adns_strerror() is called with a
 value, for which there is no message defined
Newsgroups: chiark.mail.adns.discuss
In-Reply-To: <89d0baf6-7216-499f-ba18-9f5ae7909be6@HIDDEN>
References: <89d0baf6-7216-499f-ba18-9f5ae7909be6@HIDDEN>
X-Mailer: VM 8.2.0b under 24.4.1 (i586-pc-linux-gnu)
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 25757
Cc: 25757 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Tomas Hozza writes ("bug#25757: Fix segfault when adns_strerror() is called with a value, for which there is no message defined"):
> In Fedora, we are carrying a downstream patch to fix segfault when adns_strerror() is called with a value, for which there is no message defined. You can find more info in https://bugzilla.redhat.com/show_bug.cgi?id=514838

Hi.  Thanks for getting in touch.

> It would be great if you could consider including this change also in the upstream sources. If you have any questions, please reach out to me.

The bug report gives a step to reproduce of

    printf("%s\n", adns_strerror(100));

But the documentation for adns_strerror in adns.h says

    You MUST NOT call these functions with status values
    not returned by the same adns library.

So I think this test case is caller error.  Presumably there was some
real application that went wrong, but the bug report doesn't say what
the motivation or context was for this change.

It would perhaps be possible to improve adns here to make this use
not segfault, but:
 * I don't think it would be right to return a fixed string,
   for different error codes (since the caller might print the
   string _instead of_ the invalid error code)
 * Variable strings would have to be allocated somewhere and
   there is nowhere suitable
 * So probably adns_strerror would return NULL, rather than crashing,
   which is perhaps preferable but not much of an improvement.

Regards,
Ian.




Information forwarded to adns-discuss@HIDDEN:
bug#25757; Package adns. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 16 Feb 2017 16:35:04 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 16 11:35:04 2017
Received: from localhost ([127.0.0.1]:42412 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1ceP1M-0003tU-4p
	for submit <at> debbugs.gnu.org; Thu, 16 Feb 2017 11:35:04 -0500
Received: from mx1.redhat.com ([209.132.183.28]:50404)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <thozza@HIDDEN>) id 1ceN8h-0000xi-Cl
 for submit <at> debbugs.gnu.org; Thu, 16 Feb 2017 09:34:31 -0500
Received: from int-mx10.intmail.prod.int.phx2.redhat.com
 (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 312428123E
 for <submit <at> debbugs.gnu.org>; Thu, 16 Feb 2017 14:34:26 +0000 (UTC)
Received: from thozza-pc.brq.redhat.com (thozza-pc.brq.redhat.com
 [10.34.4.205])
 by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 v1GEYOrH018565
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
 for <submit <at> debbugs.gnu.org>; Thu, 16 Feb 2017 09:34:25 -0500
To: submit <at> debbugs.gnu.org
From: Tomas Hozza <thozza@HIDDEN>
Subject: Fix segfault when adns_strerror() is called with a value, for which
 there is no message defined
Message-ID: <89d0baf6-7216-499f-ba18-9f5ae7909be6@HIDDEN>
Date: Thu, 16 Feb 2017 15:34:23 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.7.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------757F7769311812187734BFAB"
X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.25]); Thu, 16 Feb 2017 14:34:26 +0000 (UTC)
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Thu, 16 Feb 2017 11:35:03 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)

This is a multi-part message in MIME format.
--------------757F7769311812187734BFAB
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Package: adns

Hello.

In Fedora, we are carrying a downstream patch to fix segfault when adns_strerror() is called with a value, for which there is no message defined. You can find more info in https://bugzilla.redhat.com/show_bug.cgi?id=514838

It would be great if you could consider including this change also in the upstream sources. If you have any questions, please reach out to me.

Regards,
Tomas
-- 
Tomas Hozza
Associate Manager, Software Engineering - EMEA ENG Mainstream RHEL

PGP: 1D9F3C2D
UTC+1 (CET)
Red Hat Inc.                 http://cz.redhat.com

--------------757F7769311812187734BFAB
Content-Type: text/x-patch;
 name="adns14-rh514838.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
 filename="adns14-rh514838.patch"

diff --git a/src/general.c b/src/general.c
index c4d1f55..bacdd81 100644
--- a/src/general.c
+++ b/src/general.c
@@ -272,6 +272,8 @@ static const struct sinfo {
   SINFO( nodata,              "No such data"                                 )
 };
 
+static const char *unknown_error_str = "unknown error code";
+
 static int si_compar(const void *key, const void *elem) {
   const adns_status *st= key;
   const struct sinfo *si= elem;
@@ -288,7 +290,7 @@ const char *adns_strerror(adns_status st) {
   const struct sinfo *si;
 
   si= findsinfo(st);
-  return si->string;
+  return (si == NULL) ? unknown_error_str : si->string;
 }
 
 const char *adns_errabbrev(adns_status st) {

--------------757F7769311812187734BFAB--




Acknowledgement sent to Tomas Hozza <thozza@HIDDEN>:
New bug report received and forwarded. Copy sent to adns-discuss@HIDDEN. Full text available.
Report forwarded to adns-discuss@HIDDEN:
bug#25757; Package adns. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 27 Feb 2017 17:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.