Differences between revisions 8 and 9
Revision 8 as of 2005-11-10 21:56:34
Size: 11038
Editor: alpt
Comment:
Revision 9 as of 2006-01-12 05:55:58
Size: 11096
Editor: alpt
Comment:
Ntk bug 0003

Report date: 11/10/2005 18:03

If you send a UDP packet with these characteristics to the DNS wrapper:

Destination Host: IP of the victim
Destination Port: 53
Data: an IP string, e.g. "81.111.11.111"

netsukuku_d on the victim crashes.

Debug and Output

(gdb) run
Starting program: /home/andrea/avvio/netsukuku/src/netsukuku_d -i eth0 -D -dddddddd
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 20713)]
# Andna Local Cache loaded
# Andna cache loaded
# Counter cache loaded
# Resolved hostnames cache loaded
# Hostnames file loaded
# Internal map loaded
# External map loaded
# Deleting the loopback network (leaving only 127.0.0.1)
* RTNETLINK answers (-3): No such process
* RTNETLINK answers (-3): No such process
* RTNETLINK answers (-3): No such process
# Activating ip_forward and disabling rp_filter
+ Setting the 10.0.0.75 ip to all the interfaces
# Activating all daemons
# Evocating the netsukuku udp daemon.
[New Thread 32769 (LWP 20716)]
[New Thread 16386 (LWP 20717)]
# Preparing the udp listening socket on port 269
# Udp daemon on port 269 up & running
# Evocating the netsukuku udp radar daemon.
[New Thread 32771 (LWP 20718)]
# Preparing the udp listening socket on port 271
# Udp daemon on port 271 up & running
# Evocating the netsukuku tcp daemon.
[New Thread 49156 (LWP 20719)]
# Preparing the tcp listening socket on port 269
# Tcp daemon on port 269 up & running
+ The hook begins. Starting to scan the area
+ Launching radar_scan 1 of 3
# Radar scan 0x52d21e7f activated
+ Launching radar_scan 2 of 3
# Radar scan 0x3c20de5c activated
+ Launching radar_scan 3 of 3
# Radar scan 0x4bdf72c0 activated
+ No nodes found! This is a black zone. Creating a new_gnode.
+ Setting the 181.107.159.118 ip to all the interfaces
+ Now we are in a brand new gnode. The ip 181.107.159.118 is now used.
+ Starting the second radar scan before sending our first tracer_pkt
+ Filling the kernel route table
+ Hook completed
[New Thread 65541 (LWP 20720)]
# Evocating radar daemon.
# Radar daemon up & running
# Evocating the andna udp daemon.
[New Thread 81926 (LWP 20721)]
# Preparing the udp listening socket on port 277
# Udp daemon on port 277 up & running
# Evocating the andna tcp daemon.
[New Thread 98311 (LWP 20722)]
# Preparing the tcp listening socket on port 277
# Tcp daemon on port 277 up & running
[New Thread 114696 (LWP 20723)]
# Evocating the DNS wrapper daemon.
[New Thread 131081 (LWP 20724)]
+ Modifying /etc/resolv.conf
# andna_register_hname: hash_gnode not found ;(
# Preparing the dns_udp listening socket on port 53
# DNS wrapper daemon on port 53 up & running
+ Starting the ANDNA hook.
# There are no nodes, skipping the ANDNA hook.
[Thread 114696 (LWP 20723) exited]
[New Thread 147464 (LWP 20725)]
DNSPacket::read: got packet (id 14385, flags 11825, qdcount 12593, ancount 11825, nscount 12590, arcount 12593, rcode 1)
DNSPacket::read: format error

Program received signal SIGABRT, Aborted.
[Switching to Thread 147464 (LWP 20725)]
0xb7c695f1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0xb7c695f1 in kill () from /lib/libc.so.6
#1  0xb7f742e0 in pthread_kill () from /lib/libpthread.so.0
#2  0xb7f7463b in raise () from /lib/libpthread.so.0
#3  0xb7c691d2 in raise () from /lib/libc.so.6
#4  0xb7c6a9f0 in abort () from /lib/libc.so.6
#5  0xb7e16b97 in __cxxabiv1::__terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
#6  0xb7e16bd4 in std::terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
#7  0xb7e16d96 in __cxa_throw () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
#8  0x0805e6ed in DNSPacket::getDNSName<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0x80bd708) at atomicity.h:38
#9  0x0805a355 in Question::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0x80bfea8, stream=@0xb703b880, packet=@0x0) at basic_string.h:358
#10 0x08058967 in DNSPacket::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0xb703b880) at stl_vector.h:574
#11 0x0805703f in resolver_process (question=0x0, question_length=0, answer=0x0, answer_length=0xb703ba7c,
    callback=0x8063e60 <resolve_hname_wrap>) at dns_pkt.cpp:475
#12 0x08063fd1 in dns_exec_pkt (passed_argv=0xb7f79ff4) at dns_wrapper.c:100
#13 0xb7f7118e in pthread_start_thread () from /lib/libpthread.so.0
#14 0xb7f71334 in pthread_start_thread_event () from /lib/libpthread.so.0
#15 0xb7cf4aaa in clone () from /lib/libc.so.6
(gdb) bt full
#0  0xb7c695f1 in kill () from /lib/libc.so.6
No symbol table info available.
#1  0xb7f742e0 in pthread_kill () from /lib/libpthread.so.0
No symbol table info available.
#2  0xb7f7463b in raise () from /lib/libpthread.so.0
No symbol table info available.
#3  0xb7c691d2 in raise () from /lib/libc.so.6
No symbol table info available.
#4  0xb7c6a9f0 in abort () from /lib/libc.so.6
No symbol table info available.
#5  0xb7e16b97 in __cxxabiv1::__terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
No symbol table info available.
#6  0xb7e16bd4 in std::terminate () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
No symbol table info available.
#7  0xb7e16d96 in __cxa_throw () from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5
No symbol table info available.
#8  0x0805e6ed in DNSPacket::getDNSName<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0x80bd708) at atomicity.h:38
        ol = 244 'ô'
        r = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<No data fields>}, _M_p = 0x80aaabc ""},
  static _S_empty_rep_storage = {0, 0, 0, 0}}
        labelOffset = {<std::_Vector_base<unsigned short, std::allocator<unsigned short> >> = {<std::_Vector_alloc_base<unsigned short, std::allocator<unsigned short>, true>> = {_M_start = 0x0, _M_finish = 0x0,
      _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>}
        pos = {_M_off = 12, _M_st = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000" } } } 
#9  0x0805a355 in Question::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0x80bfea8, stream=@0xb703b880, packet=@0x0) at basic_string.h:358
No locals.
#10 0x08058967 in DNSPacket::read<Utils::EndianStream<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >, true> > (this=0xb703b9f0, s=@0xb703b880) at stl_vector.h:574
        m_flags = 11825
        m_qdcount = 12592
        m_ancount = 11825
        m_nscount = 12590
        m_arcount = 12593
        rcode = 1 '\001'
#11 0x0805703f in resolver_process (question=0x0, question_length=0, answer=0x0, answer_length=0xb703ba7c,
    callback=0x8063e60 <resolve_hname_wrap>) at dns_pkt.cpp:475
        questionPacket = {m_id = 14385, m_flags = 47095,
  questions = {<std::_Vector_base<Question, std::allocator<Question> >> = {<std::_Vector_alloc_base<Question, std::allocator<Question>, true>> = {_M_start = 0x80bfea8, _M_finish = 0x80bfeb0,
        _M_end_of_storage = 0x80bfeb0}, <No data fields>}, <No data fields>},
  answers = {<std::_Vector_base<Answer, std::allocator<Answer> >> = {<std::_Vector_alloc_base<Answer, std::allocator<Answer>, true>> = {_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>}, labels = {
    _M_t = {<std::_Rb_tree_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> > >> = {<std::_Rb_tree_alloc_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> >, true>> = {_M_header = 0x80b2408}, <No data fields>}, _M_node_count = 0,
      _M_key_compare = {<std::binary_function<unsigned short, unsigned short, bool>> = {<No data fields>}, <No data fields>} } }, initOffset = {_M_off = 0, _M_st = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"} } } }
        answerPacket = {m_id = 0, m_flags = 0,
  questions = {<std::_Vector_base<Question, std::allocator<Question> >> = {<std::_Vector_alloc_base<Question, std::allocator<Question>, true>> = {_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>},
  answers = {<std::_Vector_base<Answer, std::allocator<Answer> >> = {<std::_Vector_alloc_base<Answer, std::allocator<Answer>, true>> = {_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}, <No data fields>}, <No data fields>}, labels = {
    _M_t = {<std::_Rb_tree_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> > >> = {<std::_Rb_tree_alloc_base<std::pair<unsigned short const, std::string>, std::allocator<std::pair<unsigned short const, std::string> >, true>> = {_M_header = 0x80b2420}, <No data fields>}, _M_node_count = 0,
      _M_key_compare = {<std::binary_function<unsigned short, unsigned short, bool>> = {<No data fields>}, <No data fields>} }}, initOffset = {_M_off = 0, _M_st = {__count = 0, __value = {__wch = 0, __wchb = "\000\000\000"} } } }
        ss = {<std::basic_stringstream<char, std::char_traits<char>, std::allocator<char> >> = {<std::iostream> = {<> = {<No data fields>}, <> = {<No data fields>}, <No data fields>}, _M_stringbuf = {<> = {<No data fields>}, _M_string = {
        static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<No data fields>},
          _M_p = 0x80b2614 "81.111.11.111"}, static _S_empty_rep_storage = {0, 0, 0,
          0 } } } }, <Utils::EndianType<true>> = {<No data fields>}, <No data fields>}
        iter = {<std::iterator<std::random_access_iterator_tag, Question, int, Question*, Question&>> = {<No data fields>}, _M_current = 0x0}
        out = {static npos = 4294967295, _M_dataplus = {<std::allocator<char>> = {<No data fields>},
    _M_p = 0x80b25f4 "81.111.11.111"}, static _S_empty_rep_storage = {0, 0, 0, 0}}
#12 0x08063fd1 in dns_exec_pkt (passed_argv=0xb7f79ff4) at dns_wrapper.c:100
        argv = {rpkt = 0xb6e3bc60 "81.111.11.111", rpkt_sz = 13, sk = 20, from = {sa_family = 2,
    sa_data = "\001å\177\000\000\001\000\000\000\000\000\000\000"}, from_len = 16}
        buf = "81.111.11.111", '\0' <repeats 498 times>
        answer_buffer = '\0' <repeats 511 times>
        answer_length = 512
#13 0xb7f7118e in pthread_start_thread () from /lib/libpthread.so.0
No symbol table info available.
#14 0xb7f71334 in pthread_start_thread_event () from /lib/libpthread.so.0
No symbol table info available.
#15 0xb7cf4aaa in clone () from /lib/libc.so.6
No symbol table info available.
(gdb) thread apply bt full
(gdb) 

Solved

This bug has been fixed in 0.0.5b.
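
In the backtrace, __cxa_throw in DNSPacket::getDNSName goes straight to std::terminate(), so no handler caught the parse exception before it left the thread started at dns_exec_pkt. The following is an added illustration, not netsukuku's code and not the 0.0.5b fix, with every name in it hypothetical: a bounds-checked parser whose C-facing entry point catches all exceptions and returns an error for the packet reported above.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

// Hypothetical names throughout; this is not the netsukuku parser.
struct DnsHeader { uint16_t id, flags, qdcount, ancount, nscount, arcount; };

static uint16_t be16(const unsigned char *p) { return uint16_t((p[0] << 8) | p[1]); }

// Decode the fixed 12-byte header; throws if the datagram is too short.
DnsHeader read_header(const unsigned char *pkt, size_t len) {
    if (len < 12) throw std::runtime_error("short header");
    return DnsHeader{be16(pkt), be16(pkt + 2), be16(pkt + 4),
                     be16(pkt + 6), be16(pkt + 8), be16(pkt + 10)};
}

// Read one uncompressed QNAME starting at *off, checking every length byte
// against the bytes that are actually left in the datagram.
std::string read_qname(const unsigned char *pkt, size_t len, size_t *off) {
    std::string name;
    for (;;) {
        if (*off >= len) throw std::runtime_error("name runs past packet");
        unsigned char l = pkt[(*off)++];
        if (l == 0) return name;
        if (l > 63) throw std::runtime_error("bad label length");
        if (len - *off < l) throw std::runtime_error("truncated label");
        if (!name.empty()) name += '.';
        name.append(reinterpret_cast<const char *>(pkt + *off), l);
        *off += l;
    }
}

// Boundary called from the C thread function: no exception may leave it,
// otherwise std::terminate() aborts the whole daemon as in the trace above.
// Returns 0 and fills qname on success, -1 on any malformed packet.
int parse_query(const unsigned char *pkt, size_t len, std::string *qname) {
    try {
        DnsHeader h = read_header(pkt, len);
        if (h.qdcount != 1) throw std::runtime_error("unexpected qdcount");
        size_t off = 12;
        *qname = read_qname(pkt, len, &off);
        if (len - off < 4) throw std::runtime_error("missing qtype/qclass");
        return 0;
    } catch (...) {
        return -1;   // caller drops the packet or answers FORMERR
    }
}
```

Decoding the 13 ASCII bytes of "81.111.11.111" with read_header yields the same id, flags and count values that DNSPacket::read printed before the abort, which shows the text was interpreted as a DNS header with one byte left over for the question section.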

Ntk_Bug_0003 (last edited 2008-06-26 09:48:42 by anonymous)