DNS lookup routines may return either string or addr

[mej]

I encountered an issue where DNS failure resulted in a return value that was a string value ("<dns-timeout>" in this instance). Looking at LookupHostCallback? in src/bro.bif, it would appear that in cases of error or failure, a StringVal? object is returned instead of a set of addrs.

I'm new to Bro, so I don't know if this is intentional or not, but Robin says it's a bug, so I'm filing it. ;-)

I can provide a reproducer if needed.

[robin]

Yeah, that's definitely a bug. If you have the reproducer at hand, please add it; otherwise, don't bother, it should be pretty straight-forward to trigger the problem.

[mej]

Reproducer

[mej]

I took your irc-hosts-c.bro script from Lab #6 of the Bro class and made one change:

• local dns_addrs = find_all(message, /[a-z]+{1,}\.[a-z]+{1,}\.[a-z]+{1,}\.[a-z]+{1,}/);

+ local dns_addrs = find_all(message, /[^{[:space:]]*\.[A-Za-z][A-Za-z]*/);}

The pattern I used caught a lot more than hostnames (obviously), which is why it triggered the bug. You'll see errors like this followed by (potentially) a seg fault:

$ bro -r irc-2.pcap irc-hosts-bug.bro
1182977234.025658 run-time error: can't issue DNS request
1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(< and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(d and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(n and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(s and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(- and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(t and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(i and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(m and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(e and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(o and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(u and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(t and list of addr): error, index type doesn't match table

1182977234.025658 <no location> and ./irc-hosts-bug.bro, line 14

(> and list of addr): error, index type doesn't match table

.size
Segmentation fault

You'll need your irc-2.pcap file also, but I assume you still have that. ;-)

[robin]

I'm attaching a patch which seems to fix the problem. It needs a bit more of testing though because it changes the return value for failed DNS requests: from a string containing an error description ("<dns-timeout>") to a set[addr] with one element 0.0.0.0. The alternative would be returning an empty set but I'm suspecting that would confuse some scripts (and I hope nobody actually depends on a string being returned in the error case ...)

[matthias]

After applying the patch, I don't experience crashes with the following error anymore:

<no location> (127.0.0.2): bad tag in Val::CONST_ACCESSOR (types/string)

Rather, I routinely get the this error:

run-time error: can't issue DNS request

[seth]

Has this patch been integrated? I thought it was but perhaps not. I'll go ahead and set it as a milestone for the 1.6 release for now.

[robin]

Seems this has been partially integrated.

[robin]

Oops no, the patch has been correctly integrated already.

[robin]

Milestone Bro2.0 deleted