From b4a7e9ad8dc0defc037143bef1e63cbdbc0fe202 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 15 Oct 2015 09:02:01 +0000
Subject: [PATCH] - Fix segfault in the dns64 module in the formaterror error
 path.

git-svn-id: file:///svn/unbound/trunk@3506 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 dns64/dns64.c             |   6 ++-
 doc/Changelog             |   3 ++
 testdata/dns64_lookup.rpl | 101 ++++++++++++++++++++++++++++++++++++--
 3 files changed, 106 insertions(+), 4 deletions(-)

diff --git a/dns64/dns64.c b/dns64/dns64.c
index 63cc8084e..0de3f6643 100644
--- a/dns64/dns64.c
+++ b/dns64/dns64.c
@@ -618,8 +618,10 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
 	dd->rr_ttl = (time_t*)&dd->rr_data[dd->count];
 	for(i = 0; i < fd->count; ++i) {
 		if (fd->rr_len[i] != 6 || fd->rr_data[i][0] != 0
-		    || fd->rr_data[i][1] != 4)
+		    || fd->rr_data[i][1] != 4) {
+			*dd_out = NULL;
 			return;
+		}
 		dd->rr_len[i] = 18;
 		dd->rr_data[i] =
 		    (uint8_t*)&dd->rr_ttl[dd->count] + 18*i;
@@ -638,6 +640,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
 	 */
 	if(!dk) {
 		log_err("no key");
+		*dd_out = NULL;
 		return;
 	}
 
@@ -646,6 +649,7 @@ dns64_synth_aaaa_data(const struct ub_packed_rrset_key* fk,
 
 	if(!dk->rk.dname) {
 		log_err("out of memory");
+		*dd_out = NULL;
 		return;
 	}
 
diff --git a/doc/Changelog b/doc/Changelog
index cfcae0567..29cf20d14 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+15 October 2015: Wouter
+	- Fix segfault in the dns64 module in the formaterror error path.
+
 14 October 2015: Wouter
 	- ANY responses include DNAME records if present, as per Evan Hunt's
 	  remark in dnsop.
diff --git a/testdata/dns64_lookup.rpl b/testdata/dns64_lookup.rpl
index 5d4a63b3e..49f26db89 100644
--- a/testdata/dns64_lookup.rpl
+++ b/testdata/dns64_lookup.rpl
@@ -15,7 +15,7 @@ SCENARIO_BEGIN Test dns64 lookup and synthesis.
 ; AAAA if present, is passed through unchanged.
 
 ; K.ROOT-SERVERS.NET.
-RANGE_BEGIN 0 100
+RANGE_BEGIN 0 200
 	ADDRESS 193.0.14.129 
 ENTRY_BEGIN
 MATCH opcode qtype qname
@@ -40,10 +40,23 @@ com.	IN NS	a.gtld-servers.net.
 SECTION ADDITIONAL
 a.gtld-servers.net.	IN 	A	192.5.6.30
 ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+7.6.5.in-addr.arpa. IN A
+SECTION AUTHORITY
+7.6.5.in-addr.arpa. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN	A	1.2.3.4
+ENTRY_END
+
 RANGE_END
 
 ; a.gtld-servers.net.
-RANGE_BEGIN 0 100
+RANGE_BEGIN 0 200
 	ADDRESS 192.5.6.30
 ENTRY_BEGIN
 MATCH opcode qtype qname
@@ -71,7 +84,7 @@ ENTRY_END
 RANGE_END
 
 ; ns.example.com.
-RANGE_BEGIN 0 100
+RANGE_BEGIN 0 200
 	ADDRESS 1.2.3.4
 ENTRY_BEGIN
 MATCH opcode qtype qname
@@ -125,6 +138,33 @@ SECTION ADDITIONAL
 ns.example.com.		IN 	A	1.2.3.4
 ENTRY_END
 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+broken.example.com. IN AAAA
+SECTION ANSWER
+; NO AAAA present
+SECTION AUTHORITY
+example.com.	IN SOA	a. b. 1 2 3 4 5
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+broken.example.com. IN A
+SECTION ANSWER
+broken.example.com. IN A	5.6.7.8
+broken.example.com. IN A \# 3 030405
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+
 ENTRY_BEGIN
 MATCH opcode qtype qname
 ADJUST copy_id
@@ -138,6 +178,19 @@ example.com.	IN NS	ns.example.com.
 SECTION ADDITIONAL
 ns.example.com.		IN 	A	1.2.3.4
 ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+8.7.6.5.in-addr.arpa. IN PTR
+SECTION ANSWER
+8.7.6.5.in-addr.arpa. PTR ip4.example.com.
+SECTION AUTHORITY
+7.6.5.in-addr.arpa. IN NS ns.example.com.
+ENTRY_END
+
 RANGE_END
 
 STEP 1 QUERY
@@ -208,4 +261,46 @@ SECTION ADDITIONAL
 ns.example.com.		IN 	A	1.2.3.4
 ENTRY_END
 
+; test ptr lookup
+STEP 60 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR
+ENTRY_END
+
+; recursion happens here.
+STEP 70 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR
+SECTION ANSWER
+8.0.7.0.6.0.5.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.b.9.f.f.4.6.0.0.ip6.arpa. IN PTR ip4.example.com.
+SECTION AUTHORITY
+7.6.5.in-addr.arpa. IN NS ns.example.com.
+ENTRY_END
+
+; synthesize from broken, malformed A records 
+STEP 80 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+broken.example.com. IN AAAA
+ENTRY_END
+
+; recursion happens here.
+STEP 90 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+broken.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+example.com.	IN SOA	a. b. 1 2 3 4 5
+SECTION ADDITIONAL
+ENTRY_END
+
 SCENARIO_END
-- 
2.47.2