Ntk bug 0003
Report date: 11/10/2005 18:03
If you send a UDP packet to the DNS wrapper whith this characteristics:
Destination Host: IP of the victim Destination Port: 53 Data: an ip string, i.e. "81.111.11.111"
netsukuku_d of the victim crash
Debug and Output
(gdb) run
Starting program: /home/andrea/avvio/netsukuku/src/netsukuku_d -i eth0 -D -dddddddd
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 20713)]
# Andna Local Cache loaded
# Andna cache loaded
# Counter cache loaded
# Resolved hostnames cache loaded
# Hostnames file loaded
# Internal map loaded
# External map loaded
# Deleting the loopback network (leaving only 127.0.0.1)
* RTNETLINK answers (-3): No such process
* RTNETLINK answers (-3): No such process
* RTNETLINK answers (-3): No such process
# Activating ip_forward and disabling rp_filter
+ Setting the 10.0.0.75 ip to all the interfaces
# Activating all daemons
# Evocating the netsukuku udp daemon.
[New Thread 32769 (LWP 20716)]
[New Thread 16386 (LWP 20717)]
# Preparing the udp listening socket on port 269
# Udp daemon on port 269 up & running
# Evocating the netsukuku udp radar daemon.
[New Thread 32771 (LWP 20718)]
# Preparing the udp listening socket on port 271
# Udp daemon on port 271 up & running
# Evocating the netsukuku tcp daemon.
[New Thread 49156 (LWP 20719)]
# Preparing the tcp listening socket on port 269
# Tcp daemon on port 269 up & running
+ The hook begins. Starting to scan the area
+ Launching radar_scan 1 of 3
# Radar scan 0x52d21e7f activated
+ Launching radar_scan 2 of 3
# Radar scan 0x3c20de5c activated
+ Launching radar_scan 3 of 3
# Radar scan 0x4bdf72c0 activated
+ No nodes found! This is a black zone. Creating a new_gnode.
+ Setting the 181.107.159.118 ip to all the interfaces
+ Now we are in a brand new gnode. The ip 181.107.159.118 is now used.
+ Starting the second radar scan before sending our first tracer_pkt
+ Filling the kernel route table
+ Hook completed
[New Thread 65541 (LWP 20720)]
# Evocating radar daemon.
# Radar daemon up & running
# Evocating the andna udp daemon.
[New Thread 81926 (LWP 20721)]
# Preparing the udp listening socket on port 277
# Udp daemon on port 277 up & running
# Evocating the andna tcp daemon.
[New Thread 98311 (LWP 20722)]
# Preparing the tcp listening socket on port 277
# Tcp daemon on port 277 up & running
[New Thread 114696 (LWP 20723)]
# Evocating the DNS wrapper daemon.
[New Thread 131081 (LWP 20724)]
+ Modifying /etc/resolv.conf
# andna_register_hname: hash_gnode not found ;(
# Preparing the dns_udp listening socket on port 53
# DNS wrapper daemon on port 53 up & running
+ Starting the ANDNA hook.
# There are no nodes, skipping the ANDNA hook.
[Thread 114696 (LWP 20723) exited]
[New Thread 147464 (LWP 20725)]
DNSPacket::read: got packet (id 14385, flags 11825, qdcount 12593, ancount 11825, nscount 12590, arcount 12593, rcode 1)
DNSPacket::read: format error
Program received signal SIGABRT, Aborted.
[Switching to Thread 147464 (LWP 20725)]
0xb7c695f1 in kill () from /lib/libc.so.6
(gdb) bt
#0 0xb7c695f1 in kill () from /lib/libc.so.6
#1 0xb7f742e0 in pthread_kill () from /lib/libpthread.so.0
#2 0xb7f7463b in raise () from /lib/libpthread.so.0
#3 0xb7c691d2 in raise () from /lib/libc.so.6
#4 0xb7c6a9f0 in abort () from /lib/libc.so.6
#5 0xb7e16b97 in __cxxabiv1::__terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
#6 0xb7e16bd4 in std::terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
#7 0xb7e16d96 in __cxa_throw () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
#8 0x0805e6ed in DNSPacket::getDNSName<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0x80bd708) at atomicity.h:38
#9 0x0805a355 in Question::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0x80bfea8, stream=@0xb703b880, packet=@0x0) at basic_string.h:358
#10 0x08058967 in DNSPacket::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0xb703b880) at stl_vector.h:574
#11 0x0805703f in resolver_process (question=0x0, question_length=0, answer=0x0, answer_length=0xb703ba7c,
callback=0x8063e60 <resolve_hname_wrap>) at dns_pkt.cpp:475
#12 0x08063fd1 in dns_exec_pkt (passed_argv=0xb7f79ff4) at dns_wrapper.c:100
#13 0xb7f7118e in pthread_start_thread () from /lib/libpthread.so.0
#14 0xb7f71334 in pthread_start_thread_event () from /lib/libpthread.so.0
#15 0xb7cf4aaa in clone () from /lib/libc.so.6
(gdb) bt full
#0 0xb7c695f1 in kill () from /lib/libc.so.6
No symbol table info available.
#1 0xb7f742e0 in pthread_kill () from /lib/libpthread.so.0
No symbol table info available.
#2 0xb7f7463b in raise () from /lib/libpthread.so.0
No symbol table info available.
#3 0xb7c691d2 in raise () from /lib/libc.so.6
No symbol table info available.
#4 0xb7c6a9f0 in abort () from /lib/libc.so.6
No symbol table info available.
#5 0xb7e16b97 in __cxxabiv1::__terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
No symbol table info available.
#6 0xb7e16bd4 in std::terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
No symbol table info available.
#7 0xb7e16d96 in __cxa_throw () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
No symbol table info available.
#8 0x0805e6ed in DNSPacket::getDNSName<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0x80bd708) at atomicity.h:38
ol = 244 'ô'
r = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<No data fields>}, _M_p = 0x80aaabc ""},
static _S_empty_rep_storage = {0, 0, 0, 0}}
labelOffset = {<std::_Vector_base<unsigned short, std::allocator<unsigned short> >> = {<std::_Vector_alloc_base<unsigned short, std::allocator<unsigned short>, true>> = {_M_start = 0x0, _M_finish = 0x0,
_M_end_of_storage = 0x0}, <No data fields>}, <No data fields>}
pos = {_M_off = 12, _M_st = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000" } } }
#9 0x0805a355 in Question::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0x80bfea8, stream=@0xb703b880, packet=@0x0) at basic_string.h:358
No locals.
#10 0x08058967 in DNSPacket::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0xb703b880) at stl_vector.h:574
m_flags = 11825
m_qdcount = 12592
m_ancount = 11825
m_nscount = 12590
m_arcount = 12593
rcode = 1 '\001'
#11 0x0805703f in resolver_process (question=0x0, question_length=0, answer=0x0, answer_length=0xb703ba7c,
callback=0x8063e60 <resolve_hname_wrap>) at dns_pkt.cpp:475
questionPacket = {m_id = 14385, m_flags = 47095,
questions = {<std::_Vector_base<Question, std::allocator<Question> >> = {<std::_Vector_alloc_base<Question, std::allocato---Type <return> to continue, or q <return> to quit---
r<Question>, true>> = {_M_start = 0x80bfea8, _M_finish = 0x80bfeb0,
_M_end_of_storage = 0x80bfeb0}, <No data fields>}, <No data fields>},
answers = {<std::_Vector_base<Answer, std::allocator<Answer> >> = {<std::_Vector_alloc_base<Answer, std::allocator<Answer>, true>> = {_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>}, labels = {
_M_t = {<std::_Rb_tree_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> > >> = {<std::_Rb_tree_alloc_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> >, true>> = {_M_header = 0x80b2408}, <No data fields>}, _M_node_count = 0,
_M_key_compare = {<std::binary_function<unsigned short, unsigned short, bool>> = {<No data fields>}, <No data fields>} } }, initOffset = {_M_off = 0, _M_st = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"} } } }
answerPacket = {m_id = 0, m_flags = 0,
questions = {<std::_Vector_base<Question, std::allocator<Question> >> = {<std::_Vector_alloc_base<Question, std::allocator<Question>, true>> = {_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>},
answers = {<std::_Vector_base<Answer, std::allocator<Answer> >> = {<std::_Vector_alloc_base<Answer, std::allocator<Answer>, true>> = {_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>}, labels = {
_M_t = {<std::_Rb_tree_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> > >> = {<std::_Rb_tree_alloc_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> >, true>> = {_M_header = 0x80b2420}, <No data fields>}, _M_node_count = 0,
_M_key_compare = {<std::binary_function<unsigned short, unsigned short, bool>> = {<No data fields>}, <No data fields>} }}, initOffset = {_M_off = 0, _M_st = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"} } } }
ss = {<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >> = {<std::iostream> = {<> = {<No data fields>}, <> = {<No data fields>}, <No data fields>}, _M_stringbuf = {<> = {<No data fields>}, _M_string = {
static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<No data fields>},
_M_p = 0x80b2614 "81.111.11.111"}, static _S_empty_rep_storage = {0, 0, 0,
0 } } } }, <Utils::EndianType<true>> = {<No data fields>}, <No data fields>}
iter = {<std::iterator<std::random_access_iterator_tag, Question, int, Question*, Question&>> = {<No data fields>}, _M_current = 0x0}
out = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<No data fields>},
_M_p = 0x80b25f4 "81.111.11.111"}, static _S_empty_rep_storage = {0, 0, 0, 0}}
#12 0x08063fd1 in dns_exec_pkt (passed_argv=0xb7f79ff4) at dns_wrapper.c:100
argv = {rpkt = 0xb6e3bc60 "81.111.11.111", rpkt_sz = 13, sk = 20, from = {sa_family = 2,
sa_data = "\001å\177\000\000\001\000\000\000\000\000\000\000"}, from_len = 16}
buf = "81.111.11.111", '\0' <repeats 498 times>
answer_buffer = '\0' <repeats 511 times>
answer_length = 512
#13 0xb7f7118e in pthread_start_thread () from /lib/libpthread.so.0
No symbol table info available.
#14 0xb7f71334 in pthread_start_thread_event () from /lib/libpthread.so.0
No symbol table info available.
#15 0xb7cf4aaa in clone () from /lib/libc.so.6
No symbol table info available.
(gdb) thread apply bt full
(gdb)
Solved
In the 0.0.5b this bug has been fixed.