[rbldnsd] Announce: rbldnsd-0.994 released

Michael Tokarev mjt at tls.msk.ru
Sat Dec 18 17:37:52 MSK 2004 

Today I released version 0.994 of rbldnsd package.
This is a bugfix release, wich mostly fixes probs
with master-format dump of the data, and also fixes
a small memory leak which happens with rarely-used
feature of the package.

Thanks to Furio Ercolessi, who found some probs with
master-format dump (for named etc) of the data as
produced by rbldnsd.  Namely, some networks which
should be listed are not treated as such by named
after reading data produced by rbldnsd, in some
cases.  For example, having two entries in rbldnsd
ip4set file:

   127.0.0.0/8	listed1
   127.0.0.2	listed2

rbldnsd generated only two RRsets (simplified):

       *.127  listed1
   2.0.0.127  listed2

which causes named to return NXDOMAIN for eg
2.1.0.127 or 3.0.0.127.  Proper dump in this
case should contain 2 additional RRsets:

       *.127  listed1
     *.0.127  listed1
   *.0.0.127  listed1
   2.0.0.127  listed2

The fix wasn't simple, but it finally worked.
Big thanks to Amos Jeffries, who gave me idea
about how to do it.

There was also another bug in dumping of ip4trie
data, resulting in some records missing in output
due to incorrect function return value checking,
also fixed in this version.

The memory leak is with data that uses $n-style
substitutions, which does not appears with most
data, but I still consider it to be serious, since
the leak is triggerable remotely, by providing
"special" data file (no, it isn't possible to
trigger it by sending DNS queries, and the bug
is not "exploitable" in a sense that someone is
able to gain control over your server - just a
leak which may only lead to denial of service,
when after some time your server may terminate
due to out-of-memory condition).  Another
"brown paper bug" it is, -- memory used by every
$n where leaked on every reload, due to me using
strdup() routine instead of mp_strdup() -- the
latter uses "mempool" which gets freed all at
once on reload.

It is recommended to upgrade your package, especially
if you're using untrusted data (the memory leak),
and if you're building master-format files.

Excerpt from the NEWS file:

0.994 (18 Dec 2004)

  - bugfix: fix a memory leak when $n-style substitutions
    are being used: each $n definition resulted in a leak
    of the substitution text on every reload (used estrdup()
    but should be using mp_strdup())
  - feature, sort of: allow to omit support for -d option,
    thus eliminating some bloat: DEFS = -DNO_MASTER_DUMP
  - bugfix: fixed master-format dump (-d) for ip4trie - some
    ranges weren't expanding properly, resulting in missing entries
  - bugfix: fixed master-format dump (-d) for ip4set: when
    we have two entries in input:
      127.0.0.0/8 a
      127.0.0.2   b
    for master-format dump there should be 4 lines, not 2 as
    before:
      2.0.0.127  b  (was ok before)
      *.0.0.127  a  (was missing)
        *.0.127  a  (was missing)
          *.127  a  (was ok before)
    Without the two intermediate lines, named returns NXDOMAIN
    for eg 3.0.0.127 or x.1.0.127.  Quite an.. interesting case...

As usual, rbldnsd can be downloaded from
  http://www.corpit.ru/mjt/rbldnsd.html (homepage)
  http://www.corpit.ru/mjt/rbldnsd/     (source and some binary pkgs)
  http://www.corpit.ru/mjt/rbldnsd/NEWS (news file)

Enjoy.

/mjt

More information about the rbldnsd mailing list