[Bug 197534] Repeatable segfault in unbound when re-reading config

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Feb 11 10:27:19 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197534

            Bug ID: 197534
           Summary: Repeatable segfault in unbound when re-reading config
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: marcus at blazingdot.com

Sometimes during normal operation (network interface change, etc.) and when
unbound is manually sent a SIGHUP, it reloads its config. When it does that,
and it is already chrooted (as per default config in FreeBSD) it crashes.

This is due to the following code in contrib/unbound/util/config_file.c:

1200        /* translate username into uid and gid */
1201        if(cfg->username && cfg->username[0]) {
1202            struct passwd *pwd;
1203            if((pwd = getpwnam(cfg->username)) == NULL)
1204                log_err("user '%s' does not exist.", cfg->username);
1205            cfg->uid = pwd->pw_uid;
1206            cfg->gid = pwd->pw_gid;
1207        }

The crash occurs at line 1205.  As you can see, even though the call to
getpwnam() returns NULL because of a missing /etc/pwd.db in the chroot, an
error message is logged but it goes ahead and follows the null pointer
pwd->pw_uid anyway.

Furthermore, if a copy of /etc/pwd.db is placed in /var/unbound/etc/, the crash
does not happen on SIGHUP.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-bugs mailing list