SIGSEGV in rbtree_find_less_equal

Question

SIGSEGV in rbtree_find_less_equal

Closed this issue 13 days ago · 1 comments

As reported on nsd-users.

Reproducible seg fault with a DNSSEC signed zone and overlapping config. Running NSD 4.10.1. Here's how to reproduce.

2 zones in nsd.conf:

zone:
        name:     "foo.com."
        zonefile:     "/zones/foo.com.zone.signed"

zone:
        name:     "bar.foo.com."
        zonefile: "/zones/bar.foo.com.zone"

Zone files:
foo.com.zone.signed is DNSSEC signed with a record for a.bar (A record or anything)
bar.foo.com.zone doesn't exist (but it's in nsd.conf shown above)

Steps:

Startup NSD
touch foo.com.zone.signed
reload NSD

nsd.log will say:

[2024-10-02 07:19:58.691] nsd[962739]: info: control cmd:  reload
[2024-10-02 07:19:58.845] nsd[962752]: error: handle_reload_cmd: reload closed cmd channel
[2024-10-02 07:19:58.845] nsd[962752]: warning: Reload process 962740 failed, continuing with old database

core dump says SIGSEGV in rbtree_find_less_equal

Answer 1 · 2024-10-09T11:57:52.000Z

The issue can be successfully reproduced using a debug build and the attached configuration.
nsd.conf
foo.com.zone.signed