glibc double free when using postgres dlz
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
bind9 (Ubuntu) | Confirmed | Low | Unassigned |
Bug Description
Hi,
A double-free can occur when using the postgres dlz drivers.
Obviously this is not the default compilation mode, so someone would have to re-build from source.
However, if you do, bind9 will crash with:
# named -f -d 3
*** glibc detected *** named: double free or corruption (!prev): 0xb8f172c8 ***
I have attached a patch I found here:
http://
but only addressing the double-free.
Regards,
Anand
security vulnerability: | yes → no |
visibility: | private → public |
Changed in bind9 (Ubuntu): | |
importance: | Undecided → Low |
Status changed to 'Confirmed' because the bug affects multiple users.