Bug 1446 - A corrupted zone file "propagates" to good ones
Product: NSD
Classification: Unclassified
Component: NSD Code
Hardware: x86_64 Linux
Importance: P5 enhancement
Assigned To: NSD team
Reported: 2017-09-16 03:20 CEST by Simon Deziel
Modified: 2017-09-18 17:53 CEST

Description Simon Deziel 2017-09-16 03:20:38 CEST

I'm testing the robustness of nsd by attempting to load broken zones.
To test that out, I generated a zone file for "example.com" using dd if=/dev/urandom and tried loading it.

nsd started despite the badly broken zone but didn't load the other "sane" zone (sdeziel.info). Instead, it (wrongly) reported the 2 as being broken:

error: example.com:2: zone configured as 'example.com' has no SOA record.
zone example.com file example.com read with 4 errors
error: sdeziel.info:2: unrecognized RR type 'B<BB><8C>N<F9>!<B0>^W,<E0>6A-<E6><F1><99>^G<C7>Z<CA>sp<9C><95><DB><FB>_^B<D1><EA>^_'

If I stop trying to load the broken example.com zone file, nsd stops complaining and happily loads sdeziel.info. In an ideal world, I'd expect nsd to report the brokenness of example.com and move on to properly load the sane zone.

I've included a tarball of my config, the sane and broken zones as well as journalctl's output. That was enough for me to reliably trigger the bug; let me know if that doesn't work for you.

Thanks and kind regards,
Comment 1 Wouter Wijngaards 2017-09-18 16:08:22 CEST
Hi Simon,

Fixed the problem. This fix is in the software repository; it flushes the flex buffer and resets the lexical state.

Thank you for reporting the problem.

Best regards, Wouter
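
An added illustration of the failure mode this fix addresses (a toy C model written for this page, not NSD's code or the actual patch): a scanner whose input buffer and start state are shared across files lets one aborted parse contaminate the next, and resetting both when a file is opened isolates them. The names `lexer_open`, `parse` and `load_zones` and all inputs are constructed for the example.

```c
#include <string.h>

/* Toy model: one scanner buffer and one start state shared by every file. */
static char buf[256];                     /* input not consumed yet */
static size_t pos, len;
static enum { INITIAL, IN_QUOTE } st;
static void lexer_reset(void) { pos = len = 0; st = INITIAL; }

static void lexer_open(const char *text, int reset)
{
    size_t n = strlen(text);
    if (reset) lexer_reset();             /* the fix: flush buffer, reset state */
    memmove(buf, buf + pos, len - pos);   /* without it, stale bytes stay in front */
    len -= pos; pos = 0;
    if (n > sizeof buf - len) n = sizeof buf - len;
    memcpy(buf + len, text, n);
    len += n;
}

/* Returns 1 on error; aborts at the first bad byte, leaving the rest unread. */
static int parse(void)
{
    while (pos < len) {
        unsigned char c = (unsigned char)buf[pos++];
        if (c == '"')
            st = (st == INITIAL) ? IN_QUOTE : INITIAL;
        else if (st == INITIAL && ((c < 0x20 && c != '\n' && c != '\t') || c > 0x7e))
            return 1;
    }
    return st == IN_QUOTE;                /* quote still open at end of file */
}

/* Constructed inputs: random-looking bytes, an open quote, a clean record. */
const char GARBAGE[] = "\x8c\xf9 junk\x17\xe0";
const char OPEN_QUOTE[] = "example.com. TXT \"never closed\n";
const char SANE[] = "@ IN SOA ns1 hostmaster 1 3600 600 86400 300\n";

/* Load a broken zone, then a sane one: tens digit = broken, ones = sane. */
int load_zones(const char *broken, int reset)
{
    int e1;
    lexer_reset();                        /* fresh daemon start */
    lexer_open(broken, reset);
    e1 = parse();
    lexer_open(SANE, reset);
    return e1 * 10 + parse();
}
```

With `reset` set to 0, `load_zones` returns 11 for both broken inputs (the sane zone is reported broken too); with `reset` set to 1 it returns 10, so only the corrupted zone fails.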
Comment 2 Simon Deziel 2017-09-18 17:53:17 CEST
Hi Wouter,

What an impressive turnaround (as always)! Thanks.

I don't know if you've heard of the OSS-Fuzz initiative but I think it would be nice for nsd/unbound/ldns to be part of it [1]. Google offers rewards to OSS projects that take the effort of integrating fuzzing [2].

Thanks and regards,

[1] https://github.com/google/oss-fuzz/blob/master/docs/new_project_guide.md
[2] https://opensource.googleblog.com/2017/05/oss-fuzz-five-months-later-and.html