GNU bug report logs - #25757
Fix segfault when adns_strerror() is called with a value, for which there is no message defined

Package: adns;

Reported by: Tomas Hozza <thozza <at> redhat.com>

Date: Thu, 16 Feb 2017 16:36:02 UTC

Severity: normal

To reply to this bug, email your comments to 25757 AT debbugs.gnu.org.


Report forwarded to adns-discuss <at> chiark.greenend.org.uk:
bug#25757; Package adns. (Thu, 16 Feb 2017 16:36:02 GMT)

Acknowledgement sent to Tomas Hozza <thozza <at> redhat.com>:
New bug report received and forwarded. Copy sent to adns-discuss <at> chiark.greenend.org.uk. (Thu, 16 Feb 2017 16:36:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Tomas Hozza <thozza <at> redhat.com>
To: submit <at> debbugs.gnu.org
Subject: Fix segfault when adns_strerror() is called with a value, for which
 there is no message defined
Date: Thu, 16 Feb 2017 15:34:23 +0100

Package: adns

Hello.

In Fedora, we are carrying a downstream patch to fix segfault when adns_strerror() is called with a value, for which there is no message defined. You can find more info in https://bugzilla.redhat.com/show_bug.cgi?id=514838

It would be great if you could consider including this change also in the upstream sources. If you have any questions, please reach out to me.

Regards,
Tomas
-- 
Tomas Hozza
Associate Manager, Software Engineering - EMEA ENG Mainstream RHEL

PGP: 1D9F3C2D
UTC+1 (CET)
Red Hat Inc.                 http://cz.redhat.com
[adns14-rh514838.patch (text/x-patch, attachment)]

Information forwarded to adns-discuss <at> chiark.greenend.org.uk:
bug#25757; Package adns. (Mon, 27 Feb 2017 17:30:02 GMT)

Message #8 received at 25757 <at> debbugs.gnu.org:

From: Ian Jackson <ijackson <at> chiark.greenend.org.uk>
To: Tomas Hozza <thozza <at> redhat.com>
Cc: 25757 <at> debbugs.gnu.org
Subject: Re: bug#25757: Fix segfault when adns_strerror() is called with a
 value, for which there is no message defined
Date: Mon, 27 Feb 2017 17:29:29 +0000

Tomas Hozza writes ("bug#25757: Fix segfault when adns_strerror() is called with a value, for which there is no message defined"):
> In Fedora, we are carrying a downstream patch to fix segfault when adns_strerror() is called with a value, for which there is no message defined. You can find more info in https://bugzilla.redhat.com/show_bug.cgi?id=514838

Hi.  Thanks for getting in touch.

> It would be great if you could consider including this change also in the upstream sources. If you have any questions, please reach out to me.

The bug report gives a step to reproduce of

    printf("%s\n", adns_strerror(100));

But the documentation for adns_strerror in adns.h says

    You MUST NOT call these functions with status values
    not returned by the same adns library.

So I think this test case is caller error.  Presumably there was some
real application that went wrong, but the bug report doesn't say what
the motivation or context was for this change.

It would perhaps be possible to improve adns here to make this use
not segfault, but:
 * I don't think it would be right to return a fixed string,
   for different error codes (since the caller might print the
   string _instead of_ the invalid error code)
 * Variable strings would have to be allocated somewhere and
   there is nowhere suitable
 * So probably adns_strerror would return NULL, rather than crashing,
   which is perhaps preferable but not much of an improvement.

Regards,
Ian.

Information forwarded to adns-discuss <at> chiark.greenend.org.uk:
bug#25757; Package adns. (Wed, 01 Mar 2017 18:44:02 GMT)

Message #11 received at 25757 <at> debbugs.gnu.org:

From: Ian Jackson <ijackson <at> chiark.greenend.org.uk>
To: Tomas Hozza <thozza <at> redhat.com>
Cc: 25757 <at> debbugs.gnu.org
Subject: Re: bug#25757: Fix segfault when adns_strerror() is called with a
 value, for which there is no message defined
Date: Wed, 1 Mar 2017 18:43:54 +0000

(CCing the bug report again.  Please let us keep the bug in the CC, so
that others can see and help and so on.  Thanks.)

Tomas Hozza writes ("Re: bug#25757: Fix segfault when adns_strerror() is called with a value, for which there is no message defined"):
> The reproducer is actually also:
> 
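> #include <stdio.h>
> #include <adns.h>
> 
> /* Both values are defined in adns.h; per the report, neither has a message. */
> int main(void) {
>     printf("%s\n", adns_strerror(adns_s_inconsistent));
>     printf("%s\n", adns_strerror(adns_s_max_misconfig));
> }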
> 
> which uses values defined by adns.

The header file says:

> >     You MUST NOT call these functions with status values
> >     not returned by the same adns library.

These values were not `returned'.  Perhaps this could be clarified in
the documentation.

> In my opinion NULL is not really a good option, as the function is expected to return a string and therefore people will usually use it in print functions. Maybe the same approach as used by strerror() could be used:

The real question for me is why someone would do
    adns_strerror(adns_s_inconsistent)
at all.  If we knew that we might be able to help them out.  I don't
think this is useful.  adns will never return that value from an
actual adns function.

Is it possible that in fact this whole thing is the result of a static
analysis tool observing that this code might segfault?

> "The strerror(), strerror_l(), and the GNU-specific strerror_r() functions return the appropriate error description string, or an "Unknown error nnn" message if the error number is unknown."
> 
> This means the call would return the message with the error number, so that it is not lost.

This would be an option but this would involve dynamic allocation and
there is no good place to memoise the result.

> Do you want me to modify the fix or you'll implement something on your own?

Do you have an answer to my point about memoisation?

Thanks,
Ian.
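
The two non-crashing behaviours discussed in this thread (returning NULL on a lookup miss, or producing an "Unknown error nnn" style message), shown as an added example that is not adns code and not the Fedora patch. The status table, `toy_strerror` and `toy_strerror_r` are hypothetical names constructed for illustration; the caller-supplied buffer in `toy_strerror_r` is an assumption of this example, used so that the library neither allocates nor memoises anything.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed status codes: range markers and gaps have no message string. */
typedef enum { ST_OK = 0, ST_NOMEMORY = 1, ST_MAX_LOCALFAIL = 29,
               ST_TIMEOUT = 30, ST_MAX_MISCONFIG = 199 } toy_status;

typedef struct { toy_status st; const char *string; } status_info;

/* Sorted by st so bsearch() works; the ST_MAX_* markers are deliberately absent. */
static const status_info sinfos[] = {
  { ST_OK,       "OK" },
  { ST_NOMEMORY, "Out of memory" },
  { ST_TIMEOUT,  "DNS query timed out" },
};

static int si_compar(const void *key, const void *elem) {
  int k = *(const int *)key;
  int e = (int)((const status_info *)elem)->st;
  return (k > e) - (k < e);
}

/* Returns NULL when the status has no table entry. */
static const status_info *find_status(int st) {
  return bsearch(&st, sinfos, sizeof sinfos / sizeof *sinfos,
                 sizeof *sinfos, si_compar);
}

/* Option 1: report a lookup miss as NULL instead of dereferencing it. */
const char *toy_strerror(int st) {
  const status_info *si = find_status(st);
  return si ? si->string : NULL;
}

/* Option 2: the caller owns the storage, so the number is preserved and the
 * library allocates nothing. Returns 0 for a known status, -1 otherwise. */
int toy_strerror_r(int st, char *buf, size_t len) {
  const status_info *si = find_status(st);
  if (si) { snprintf(buf, len, "%s", si->string); return 0; }
  snprintf(buf, len, "Unknown status %d", st);
  return -1;
}

int main(void) {
  char buf[64];
  const char *s = toy_strerror(100);          /* must be checked before "%s" */
  printf("%s\n", s ? s : "(no message)");
  toy_strerror_r(ST_MAX_MISCONFIG, buf, sizeof buf);
  printf("%s\n", buf);
  return 0;
}
```

With option 1 every caller has to test the result before passing it to a `%s` conversion; with option 2 the return code distinguishes known from unknown values while the buffer is always safe to print.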

This bug report was last modified 8 years and 112 days ago.
