mirror of
https://github.com/hickory-dns/hickory-dns.git
synced 2026-04-25 11:15:54 +03:00
[GH-ISSUE #2024] proto::op::Message can panic when dnssec is not enabled no debug builds #856
Labels
No labels
blocked
breaking-change
bug
bug:critical
bug:tests
cleanup
compliance
compliance
compliance
crate:all
crate:client
crate:native-tls
crate:proto
crate:recursor
crate:resolver
crate:resolver
crate:rustls
crate:server
crate:util
dependencies
docs
duplicate
easy
easy
enhance
enhance
enhance
feature:dns-over-https
feature:dns-over-quic
feature:dns-over-tls
feature:dnsssec
feature:global_lb
feature:mdns
feature:tsig
features:edns
has workaround
ops
perf
platform:WASM
platform:android
platform:fuchsia
platform:linux
platform:macos
platform:windows
pull-request
question
test
tools
tools
trust
unclear
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/hickory-dns#856
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @mlokr on GitHub (Sep 17, 2023).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/2024
Describe the bug
On debug builds, the message decoder can panic, particularly when
dnssecfeature is disabled.To Reproduce
Expected behavior
Receiving and error instead of panic would be nice
System:
Version:
Crate: proto
Version: 23
Additional context
The error can be avoided by enabling
dnssecfeature, but thedebug_assert!implies parsing should have failed sooner, my guess is that this function should return Unknown when this returns true because of branch here. The exact error is:record types do not match, NSEC <> Some(Unknown(47))@bluejekyll commented on GitHub (Sep 17, 2023):
I'm trying to reproduce this, so far no luck in #2025. Do you have the exact build and cargo parameters you used to recreate this error?
Now it is awkward that if DNSSEC is enabled or not changes if this parse is successful or not. My sense is it shouldn't be an error if DNSSEC is disabled, just should get unknown data...
@bluejekyll commented on GitHub (Sep 18, 2023):
Ok, interestingly, making
DNSClass::from_u16infallible triggers the panic that you ran into. But it doesn't look like you did that, I kinda wonder how this happened without that change (see the second commit to #2025)@bluejekyll commented on GitHub (Sep 18, 2023):
Ok, I think by fixing a couple of constructs in the parsing code around unknown values, this might be resolved. I only found the
debugpanics, not anyreleasemode panics. Please let me know if you think the fixes don't resolve this.