Bug 528

Summary: Segfault with non-recursive query on stub-zone (via allow_snoop)
Product: unbound Reporter: Pieter Ennes <pieterennes>
Component: serverAssignee: unbound team <unbound-team>
Severity: major CC: yuri
Priority: P5    
Version: 1.4.17   
Hardware: i386   
OS: Linux   
Attachments: unbound.log

Description Pieter Ennes 2013-10-18 22:56:26 CEST
Created attachment 239 [details]

I see a segfault on Debian 7.0 (Unbound 1.4.17):

Oct 18 22:48:01 pooh kernel: [43090.846666] unbound[8298]: segfault at c ip 080a9398 sp bf964830 error 4 in unbound[8048000+b3000]

when issuing a non-recursive query:

  $ dig -4 +norecurse test.com._tldns.dnsben.ch PTR @

  ; <<>> DiG 9.9.2-P1 <<>> -4 +norecurse test.com._tldns.dnsben.ch PTR @
  ;; global options: +cmd
  ;; connection timed out; no servers could be reached

to Unbound when using the following config:

        access-control: allow_snoop

        # allow only our zone
        local-zone: "." deny
        local-zone: "_tldns.dnsben.ch." transparent

        name: "_tldns.dnsben.ch"
        stub-prime: no
        stub-first: no

The segfault is NOT seen when either changing:

- the stub-zone to a similar forward-zone
- the query flags to include RD
- allow_snoop to allow (which then correctly returns REFUSED)

Log is attached, I can email the entire config privately if needed.
Comment 1 Yuri Schaeffer 2013-10-22 14:22:26 CEST
Thank you for reporting. The bug has been fixed in svn r2994 and will be part of next release. As a workaround you can set Unbound's loglevel <= 2.