[net-dns-users] TSIG error when upgrading Debian Linux libnet-dns-perl package.
Jim Barber
jim.barber at primaryhealthcare.com.au
Thu Aug 7 03:25:47 UTC 2014
Hi.
Hopefully this is the correct mailing list to report an issue I've encountered.
I have a perl program that is called from a Linux DHCP server to provide secure updates to a MS Windows DNS server.
It uses the GSS-TSIG algorithm for signing the DNS requests.
In order to do this, the script authenticates to the Windows DNS server via Kerberos.
This was working fine until I upgraded the libnet-dns-perl package in Debian that contains the Net::DNS perl modules.
When I backed the package out to the older version the script started working again.
The version of the Debian package that works is 0.68-1.2 and the version that doesn't is 0.78-1.
The version of Perl running on the system is 5.18.2 (Debian's 5.18.2-7 package).
When the program runs with the new version, the following error is produced:
*** FATAL PROGRAM ERROR!! Unknown method 'mode'
*** which the program has attempted to call for the object:
***
*** 6801348012840. 0 ANY TSIG
; algorithm: HMAC-MD5.SIG-ALG.REG.INT
; time signed: 1407323356 fudge: 36000
; signature:
; original id: 0
; NOERROR
***
*** This object does not have a method 'mode'. THIS IS A BUG
*** IN THE CALLING SOFTWARE, which incorrectly assumes that the
*** object would be of a particular type. The type of an object
*** should be checked before calling any of its methods.
at /usr/lib/perl5/Net/DNS/RR.pm line 213.
Net::DNS::RR::_new_hash called at /usr/lib/perl5/Net/DNS/RR.pm line 65
eval {...} called at /usr/lib/perl5/Net/DNS/RR.pm line 66
Net::DNS::RR::new('Net::DNS::RR', 'name', 6801348012840, 'type', 'TSIG', 'ttl', 0, 'class', 'ANY', ...) called at ./update_ms_secure_dns.pl line 657
in new Net::DNS::RR( name 6801348012840 type TSIG ttl 0 class ANY mode ... ) at ./update_ms_secure_dns.pl line 657.
The line in the perl program that triggered the error is:
    my $sig = Net::DNS::RR->new(
        name        => $key_name,
        type        => "TSIG",
        ttl         => 0,
        class       => "ANY",
        mode        => 3,
        algorithm   => $algorithm,
        time_signed => time,
        fudge       => 36000,
        mac_size    => 0,
        mac         => "",
        error       => 0,
        other_len   => 0,
        other_data  => "",
        sign_func   => \&gss_sign,
        key         => $gss_context,
    );
The $key_name variable above is just a long random number.
The $algorithm variable is a string set to "gss.microsoft.com".
The &gss_sign function is a signing callback for TSIG.
The $gss_context variable is the result of calling a function that negotiates a TKEY with the DNS server.
If I chop the 'mode => 3,' part out from the code above and run it again I get the following error:
*** FATAL PROGRAM ERROR!! Unknown method 'mac_size'
*** which the program has attempted to call for the object:
***
*** 6190724876677. 0 ANY TSIG
; algorithm: gss.microsoft.com
; time signed: 1407324278 fudge: 300
; signature:
; original id: 0
; NOERROR
***
*** This object does not have a method 'mac_size'. THIS IS A BUG
*** IN THE CALLING SOFTWARE, which incorrectly assumes that the
*** object would be of a particular type. The type of an object
*** should be checked before calling any of its methods.
at /usr/lib/perl5/Net/DNS/RR.pm line 213.
Net::DNS::RR::_new_hash called at /usr/lib/perl5/Net/DNS/RR.pm line 65
eval {...} called at /usr/lib/perl5/Net/DNS/RR.pm line 66
Net::DNS::RR::new('Net::DNS::RR', 'name', 6190724876677, 'type', 'TSIG', 'ttl', 0, 'class', 'ANY', ...) called at ./update_ms_secure_dns.pl line 657
in new Net::DNS::RR( name 6190724876677 type TSIG ttl 0 class ANY mode ... ) at ./update_ms_secure_dns.pl line 657.
If I then chop the mac_size part out of the code I get the error:
*** FATAL PROGRAM ERROR!! Unknown method 'other_len'
*** which the program has attempted to call for the object:
***
*** 159686746509. 0 ANY TSIG
; algorithm: gss.microsoft.com
; time signed: 1407324076 fudge: 300
; signature:
; original id: 0
; NOERROR
***
*** This object does not have a method 'other_len'. THIS IS A BUG
*** IN THE CALLING SOFTWARE, which incorrectly assumes that the
*** object would be of a particular type. The type of an object
*** should be checked before calling any of its methods.
at /usr/lib/perl5/Net/DNS/RR.pm line 213.
Net::DNS::RR::_new_hash called at /usr/lib/perl5/Net/DNS/RR.pm line 65
eval {...} called at /usr/lib/perl5/Net/DNS/RR.pm line 66
Net::DNS::RR::new('Net::DNS::RR', 'name', 159686746509, 'type', 'TSIG', 'ttl', 0, 'class', 'ANY', ...) called at ./update_ms_secure_dns.pl line 657
in new Net::DNS::RR( name 159686746509 type TSIG ttl 0 class ANY algori ... ) at ./update_ms_secure_dns.pl line 657.
If I then chop out the other_len part then the errors go away but also the program no longer works.
From version 0.68 to 0.78 of the Net::DNS perl module it looks like there were quite a lot of changes to the Net::DNS::RR::TSIG module.
Am I now (or was I always) incorrectly using 'Net::DNS::RR->new' in the line of code shown above?
Or have I uncovered a bug?
Here is some more information about the system:
# perl -V
Summary of my perl5 (revision 5 version 18 subversion 2) configuration:
Platform:
osname=linux, osvers=3.14-1-amd64, archname=x86_64-linux-gnu-thread-multi
uname='linux estella 3.14-1-amd64 #1 smp debian 3.14.10-1 (2014-07-07) x86_64 gnulinux '
config_args='-Dusethreads -Duselargefiles -Dccflags=-DDEBIAN -fwrapv -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Dldflags= -Wl,-z,relro -Dlddlflags=-shared -Wl,-z,relro -Dcccdlflags=-fPIC -Darchname=x86_64-linux-gnu -Dprefix=/usr -Dprivlib=/usr/share/perl/5.18 -Darchlib=/usr/lib/perl/5.18 -Dvendorprefix=/usr -Dvendorlib=/usr/share/perl5 -Dvendorarch=/usr/lib/perl5 -Dsiteprefix=/usr/local -Dsitelib=/usr/local/share/perl/5.18.2 -Dsitearch=/usr/local/lib/perl/5.18.2 -Dman1dir=/usr/share/man/man1 -Dman3dir=/usr/share/man/man3 -Dsiteman1dir=/usr/local/man/man1 -Dsiteman3dir=/usr/local/man/man3 -Duse64bitint -Dman1ext=1 -Dman3ext=3perl -Dpager=/usr/bin/sensible-pager -Uafs -Ud_csh -Ud_ualarm -Uusesfio -Uusenm -Ui_libutil -Uversiononly -DDEBUGGING=-g -Doptimize=-O2 -Duseshrplib -Dlibperl=libperl.so.5.18.2 -des'
hint=recommended, useposix=true, d_sigaction=define
useithreads=define, usemultiplicity=define
useperlio=define, d_sfio=undef, uselargefiles=define, usesocks=undef
use64bitint=define, use64bitall=define, uselongdouble=undef
usemymalloc=n, bincompat5005=undef
Compiler:
cc='cc', ccflags ='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fstack-protector -fno-strict-aliasing -pipe -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64',
optimize='-O2 -g',
cppflags='-D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fwrapv -fstack-protector -fno-strict-aliasing -pipe -I/usr/local/include'
ccversion='', gccversion='4.9.0', gccosandvers=''
intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
alignbytes=8, prototype=define
Linker and Libraries:
ld='cc', ldflags =' -fstack-protector -L/usr/local/lib'
libpth=/usr/local/lib /lib/x86_64-linux-gnu /lib/../lib /usr/lib/x86_64-linux-gnu /usr/lib/../lib /lib /usr/lib
libs=-lgdbm -lgdbm_compat -ldb -ldl -lm -lpthread -lc -lcrypt
perllibs=-ldl -lm -lpthread -lc -lcrypt
libc=, so=so, useshrplib=true, libperl=libperl.so.5.18.2
gnulibc_version='2.19'
Dynamic Linking:
dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='-Wl,-E'
cccdlflags='-fPIC', lddlflags='-shared -L/usr/local/lib -fstack-protector'
Characteristics of this binary (from libperl):
Compile-time options: HAS_TIMES MULTIPLICITY PERLIO_LAYERS
PERL_DONT_CREATE_GVSV
PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
PERL_PRESERVE_IVUV PERL_SAWAMPERSAND USE_64_BIT_ALL
USE_64_BIT_INT USE_ITHREADS USE_LARGE_FILES
USE_LOCALE USE_LOCALE_COLLATE USE_LOCALE_CTYPE
USE_LOCALE_NUMERIC USE_PERLIO USE_PERL_ATOF
USE_REENTRANT_API
Locally applied patches:
DEBPKG:debian/cpan_definstalldirs - Provide a sensible INSTALLDIRS default for modules installed from CPAN.
DEBPKG:debian/db_file_ver - http://bugs.debian.org/340047 Remove overly restrictive DB_File version check.
DEBPKG:debian/doc_info - Replace generic man(1) instructions with Debian-specific information.
DEBPKG:debian/enc2xs_inc - http://bugs.debian.org/290336 Tweak enc2xs to follow symlinks and ignore missing @INC directories.
DEBPKG:debian/errno_ver - http://bugs.debian.org/343351 Remove Errno version check due to upgrade problems with long-running processes.
DEBPKG:debian/libperl_embed_doc - http://bugs.debian.org/186778 Note that libperl-dev package is required for embedded linking
DEBPKG:fixes/respect_umask - Respect umask during installation
DEBPKG:debian/writable_site_dirs - Set umask approproately for site install directories
DEBPKG:debian/extutils_set_libperl_path - EU:MM: Set location of libperl.a to /usr/lib
DEBPKG:debian/no_packlist_perllocal - Don't install .packlist or perllocal.pod for perl or vendor
DEBPKG:debian/prefix_changes - Fiddle with *PREFIX and variables written to the makefile
DEBPKG:debian/fakeroot - Postpone LD_LIBRARY_PATH evaluation to the binary targets.
DEBPKG:debian/instmodsh_doc - Debian policy doesn't install .packlist files for core or vendor.
DEBPKG:debian/ld_run_path - Remove standard libs from LD_RUN_PATH as per Debian policy.
DEBPKG:debian/libnet_config_path - Set location of libnet.cfg to /etc/perl/Net as /usr may not be writable.
DEBPKG:debian/mod_paths - Tweak @INC ordering for Debian
DEBPKG:debian/module_build_man_extensions - http://bugs.debian.org/479460 Adjust Module::Build manual page extensions for the Debian Perl policy
DEBPKG:debian/prune_libs - http://bugs.debian.org/128355 Prune the list of libraries wanted to what we actually need.
DEBPKG:fixes/net_smtp_docs - [rt.cpan.org #36038] http://bugs.debian.org/100195 Document the Net::SMTP 'Port' option
DEBPKG:debian/perlivp - http://bugs.debian.org/510895 Make perlivp skip include directories in /usr/local
DEBPKG:debian/cpanplus_definstalldirs - http://bugs.debian.org/533707 Configure CPANPLUS to use the site directories by default.
DEBPKG:debian/cpanplus_config_path - Save local versions of CPANPLUS::Config::System into /etc/perl.
DEBPKG:debian/deprecate-with-apt - http://bugs.debian.org/702096 Point users to Debian packages of deprecated core modules
DEBPKG:debian/squelch-locale-warnings - http://bugs.debian.org/508764 Squelch locale warnings in Debian package maintainer scripts
DEBPKG:debian/skip-upstream-git-tests - Skip tests specific to the upstream Git repository
DEBPKG:debian/patchlevel - http://bugs.debian.org/567489 List packaged patches for 5.18.2-7 in patchlevel.h
DEBPKG:debian/skip-kfreebsd-crash - http://bugs.debian.org/628493 [perl #96272] Skip a crashing test case in t/op/threads.t on GNU/kFreeBSD
DEBPKG:fixes/document_makemaker_ccflags - http://bugs.debian.org/628522 [rt.cpan.org #68613] Document that CCFLAGS should include $Config{ccflags}
DEBPKG:debian/find_html2text - http://bugs.debian.org/640479 Configure CPAN::Distribution with correct name of html2text
DEBPKG:debian/hurd_test_skip_stack - http://bugs.debian.org/650175 Disable failing GNU/Hurd tests dist/threads/t/stack.t
DEBPKG:fixes/manpage_name_Test-Harness - http://bugs.debian.org/650451 [rt.cpan.org #73399] cpan/Test-Harness: add NAME headings in modules with POD
DEBPKG:debian/makemaker-pasthru - http://bugs.debian.org/660195 [rt.cpan.org #28632] Make EU::MM pass LD through to recursive Makefile.PL invocations
DEBPKG:debian/perl5db-x-terminal-emulator.patch - http://bugs.debian.org/668490 Invoke x-terminal-emulator rather than xterm in perl5db.pl
DEBPKG:debian/cpan-missing-site-dirs - http://bugs.debian.org/688842 Fix CPAN::FirstTime defaults with nonexisting site dirs if a parent is writable
DEBPKG:fixes/memoize_storable_nstore - [rt.cpan.org #77790] http://bugs.debian.org/587650 Memoize::Storable: respect 'nstore' option not respected
DEBPKG:fixes/net_ftp_failed_command - [rt.cpan.org #37700] http://bugs.debian.org/491062 Net::FTP: cope gracefully with a failed command
DEBPKG:fixes/perlbug-patchlist - [3541c11] http://bugs.debian.org/710842 [perl #118433] Make perlbug look up the list of local patches at run time
DEBPKG:fixes/module_metadata_security_doc - [68cdd4b] CVE-2013-1437 documentation fix
DEBPKG:fixes/module_metadata_taint_fix - [bff978f] http://bugs.debian.org/722210 [rt.cpan.org #88576] untaint version, if needed, in Module::Metadata
DEBPKG:fixes/IPC-SysV-spelling - http://bugs.debian.org/730558 [rt.cpan.org #86736] Fix spelling of IPC_CREAT in IPC-SysV documentation
DEBPKG:fixes/goto-sub-crash - [bfa371b] http://bugs.debian.org/736187 [perl #119949] Stop undef *_, goto &sub from crashing
DEBPKG:debian/regcomp-mips-optim - http://bugs.debian.org/754054 Downgrade the optimization of regcomp.c on mips due to a gcc-4.9 bug
Built under linux
Compiled at Jul 14 2014 20:40:45
@INC:
/etc/perl
/usr/local/lib/perl/5.18.2
/usr/local/share/perl/5.18.2
/usr/lib/perl5
/usr/share/perl5
/usr/lib/perl/5.18
/usr/share/perl/5.18
/usr/local/lib/site_perl
.
The operating system is the current Debian Testing distribution with all current updates applied.
The name server is a Windows Server 2012 domain controller with an Active Directory integrated DNS zone that accepts secure updates only.
Regards,
Jim