delv 9.16.0, failed to add trusted key '.': ran out of space

Bind-Users forum mailing list
Hi,

The 9.16.0 version of delv seems to have trouble reading the root trust
anchor from the bind.keys file. I'm seeing this in multiple environments,
CentOS 6.10 and FreeBSD 11.3:

[user@host ~]$ delv -v
delv 9.16.0
[user@host ~]$ delv isc.org
;; /etc/bind.keys:31: failed to add trusted key '.': ran out of space
;; setup_dnsseckeys: failure

Attempting to rule out a problem with my local bind.keys, I grabbed a
fresh copy, but delv produces the same output:

[user@host ~]$ wget -qO /tmp/bind.keys.916 https://gitlab.isc.org/isc-projects/bind9/raw/v9_16/bind.keys
[user@host ~]$ delv -a /tmp/bind.keys.916 isc.org
;; /tmp/bind.keys.916:31: failed to add trusted key '.': ran out of space
;; setup_dnsseckeys: failure

The above output is from CentOS but the behavior is identical on FreeBSD.
Has anyone observed delv 9.16.0 to work in these environments? Before
opening a bug I want to make sure I didn't goof something on my end.

Thanks,

Shaun
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Re: delv 9.16.0, failed to add trusted key '.': ran out of space

Tony Finch
Shaun via bind-users <[hidden email]> wrote:
>
> The 9.16.0 version of delv seems to have trouble reading the root trust
> anchor from the bind.keys file.

I see this too. The bug is that dns_client_addtrustedkey() has a buffer
for parsing DNSKEY or DS records, but it's only big enough for DS.

diff --git lib/dns/client.c lib/dns/client.c
index 0d8e951fa0..0c151e78e5 100644
--- lib/dns/client.c
+++ lib/dns/client.c
@@ -1519,7 +1519,7 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
  dns_view_t *view = NULL;
  dns_keytable_t *secroots = NULL;
  dns_name_t *name = NULL;
- char dsbuf[DNS_DS_BUFFERSIZE];
+ char rdatabuf[4096];
  unsigned char digest[ISC_MAX_MD_SIZE];
  dns_rdata_ds_t ds;
  dns_decompress_t dctx;
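
Review bot: the literal 4096 in "char rdatabuf[4096];" is an unexplained magic number replacing a named constant (DNS_DS_BUFFERSIZE). Give it a named constant and a comment stating which record sizes it is meant to cover, because nothing in the hunk bounds the DNSKEY size and a record larger than the buffer would still fail the same way.
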
@@ -1543,7 +1543,7 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
  goto cleanup;
  }

- isc_buffer_init(&b, dsbuf, sizeof(dsbuf));
+ isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
  dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_NONE);
  dns_rdata_init(&rdata);
  isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
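
Review bot: the resized buffer passed to isc_buffer_init() has no accompanying test; the patch touches only lib/dns/client.c. Suggest adding a test that loads a DNSKEY-format trust anchor for '.' through dns_client_addtrustedkey(), matching the "delv -a" case in the report, so a later change to the buffer size is caught. Using sizeof(rdatabuf) rather than repeating the length is right and should stay.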

Tony.
--
f.anthony.n.finch  <[hidden email]>  http://dotat.at/
Irish Sea: South 5 to 7, veering southwest gale 8 or severe gale 9,
occasionally storm 10 later. Moderate, becoming rough or very rough. Rain,
then wintry showers. Moderate or poor, occasionally good later.
Re: delv 9.16.0, failed to add trusted key '.': ran out of space

Bind-Users forum mailing list
On Fri, 28 Feb 2020 20:07:47 +0000
Tony Finch <[hidden email]> wrote:

> Shaun via bind-users <[hidden email]> wrote:
> >
> > The 9.16.0 version of delv seems to have trouble reading the root trust
> > anchor from the bind.keys file.
>
> I see this too. The bug is that dns_client_addtrustedkey() has a buffer
> for parsing DNSKEY or DS records, but it's only big enough for DS.

Thanks for tracking this down! I've opened an issue in GitLab and
included your patch there.

Shaun