[Bug network/19148] New: resolv: TCP query failure triggers retries along the search path

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug network/19148] New: resolv: TCP query failure triggers retries along the search path
@ 2015-10-18 11:02 fweimer at redhat dot com
  0 siblings, 0 replies; only message in thread
From: fweimer at redhat dot com @ 2015-10-18 11:02 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=19148

            Bug ID: 19148
           Summary: resolv: TCP query failure triggers retries along the
                    search path
           Product: glibc
           Version: 2.23
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
  Target Milestone: ---

If the stub resolver receives a TC=1 reply from a configured name server, it
will attempt to fetch the answer over TCP.  If the TCP connection fails, the
stub resolver proceeds along the search path, instead of failing the query due
to the network failure.  This means that a brief name server outage can lead to
vastly different name resolution results, which seems wrong (and very difficult
to debug).  The current behavior could turn more problematic once new gTLDs are
in wide use because traditionally, operators avoid using TLD strings as labels
(so a successful resolution on the fallback queries along the search path
appears unlikely at the moment).

This is the second problem observed in this thread:

  https://sourceware.org/ml/libc-help/2015-10/msg00012.html

Fixing this bug will not address the reporter's issue because the configured
name server does not support TCP reliably.  This bug just fell out of the
analysis of the original report.

Reproduction instructions follow.  Make sure that /etc/resolv.conf contains a
“search directive”.  Disable TCP connections to the name servers with:

# iptables -I OUTPUT -p tcp --dport 53 -j REJECT --reject-with=tcp-reset

Then run:

$ strace -e sendmmsg -s 500 getent ahosts like-keys.t.enyo.de

Observe how search path entries are appended to the queried domain name.

The following resource records are associated with like-keys.t.enyo.de:

like-keys.t.enyo.de.    600     IN      CNAME   like-keys-1.t.enyo.de.

like-keys-1.t.enyo.de.  600     IN      A       192.0.2.1
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.2
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.3
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.4
like-keys-1.t.enyo.de.  600     IN      A       192.0.2.5

like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::1
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::10
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::2
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::3
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::4
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::5
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::6
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::7
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::8
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::9
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::a
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::b
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::c
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::d
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::e
like-keys-1.t.enyo.de.  600     IN      AAAA    2001:db8::f

-- 
You are receiving this mail because:
You are on the CC list for the bug.
>From glibc-bugs-return-30214-listarch-glibc-bugs=sources.redhat.com@sourceware.org Sun Oct 18 21:03:59 2015
Return-Path: <glibc-bugs-return-30214-listarch-glibc-bugs=sources.redhat.com@sourceware.org>
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 8188 invoked by alias); 18 Oct 2015 21:03:58 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <glibc-bugs.sourceware.org>
List-Subscribe: <mailto:glibc-bugs-subscribe@sourceware.org>
List-Post: <mailto:glibc-bugs@sourceware.org>
List-Help: <mailto:glibc-bugs-help@sourceware.org>, <http://sourceware.org/lists.html#faqs>
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 8148 invoked by uid 55); 18 Oct 2015 21:03:54 -0000
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/17079] nss_files heap-based buffer overflow with small buffer (CVE-2015-5277)
Date: Sun, 18 Oct 2015 21:03:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.19
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: 2.20
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Message-ID: <bug-17079-131-3cBY7lKris@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-17079-131@http.sourceware.org/bugzilla/>
References: <bug-17079-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2015-10/txt/msg00251.txt.bz2
Content-length: 1476

https://sourceware.org/bugzilla/show_bug.cgi?id\x17079

--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.19/master has been updated
       via  3fd498242948b1fa944c56646ec9b156387dd310 (commit)
      from  b0f0937975ef3c0f4c514fe29137549c27be0cf0 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h?d498242948b1fa944c56646ec9b156387dd310

commit 3fd498242948b1fa944c56646ec9b156387dd310
Author: Andreas Schwab <schwab@suse.de>
Date:   Mon Jun 23 10:24:45 2014 +0200

    Don't ignore too long lines in nss_files (BZ #17079)

    (cherry picked from commit ac60763eac3d43b7234dd21286ad3ec3f17957fc)

    Conflicts:
        ChangeLog
        NEWS

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                 |    6 ++++++
 NEWS                      |    4 ++--
 nss/nss_files/files-XXX.c |    4 +++-
 3 files changed, 11 insertions(+), 3 deletions(-)

--
You are receiving this mail because:
You are on the CC list for the bug.


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-10-18 11:02 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-18 11:02 [Bug network/19148] New: resolv: TCP query failure triggers retries along the search path fweimer at redhat dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).