Bug 15920 - incomplete bind configuration causes DLZ plugin to crash
Summary: incomplete bind configuration causes DLZ plugin to crash
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS plugin (BIND DLZ) (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
: 15915 (view as bug list)
Depends on:
Blocks:
 
Reported: 2025-09-19 13:26 UTC by Alexander Bokovoy
Modified: 2025-09-26 13:52 UTC (History)
3 users (show)

See Also:

Attachments
v4.23 patch (1.88 KB, patch)
2025-09-23 21:00 UTC, Douglas Bagnall 		ab: review+
Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bokovoy 2025-09-19 13:26:51 UTC 
From Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2396621#c4

I have tried this snippet:

dlz example {
database "dlopen /usr/lib64/samba/bind9/dlz_bind9_18.so";
search no;
};

That crashes, but at least tries to load the plugin. I am not sure how exactly it should be configured in samba. Is it possible SELinux is blocking permissions perhaps?

In my case, it could not find /var/lib/samba/bind-dns/dns/sam.ldb and crashed when trying to log it. dlz_bind9_state were NULL at that point.

(gdb) bt
#0  0x00007ffff5292f03 in dlz_create (dlzname=<optimized out>, argc=1, argv=0x7ffff007d688, dbdata=0x7ffff007fe08) at ../../source4/dns_server/dlz_bind9.c:730
#1  0x0000555555560fb5 in dlopen_dlz_create (dlzname=0x7ffff0053140 "example", argc=2, argv=0x7ffff007d680, driverarg=<optimized out>, dbdata=<optimized out>) at ../../../bin/named/dlz_dlopen_driver.c:314
#2  0x00007ffff7d315c9 in dns_sdlzcreate (mctx=<optimized out>, dlzname=0x7ffff0053140 "example", argc=2, argv=0x7ffff007d680, driverarg=0x555555645c30, dbdata=0x7ffff007dc68) at ../../../lib/dns/sdlz.c:1627
#3  0x00007ffff7c380cb in dns_dlzcreate (mctx=mctx@entry=0x55555563c860, dlzname=0x7ffff0053140 "example", drivername=drivername@entry=0x7ffff007dbf0 "dlopen", argc=argc@entry=2, 
    argv=argv@entry=0x7ffff007d680, dbp=dbp@entry=0x7ffff6c4c4a0) at ../../../lib/dns/dlz.c:212
#4  0x0000555555576861 in configure_view (view=0x7ffff000f3b0, viewlist=<optimized out>, config=0x7ffff004e560, vconfig=0x0, cachelist=0x7ffff6c4d550, kasplist=<optimized out>, bindkeys=0x0, 
    mctx=0x55555563c860, actx=0x7ffff00052f0, need_hints=true) at ../../../bin/named/server.c:4485
#5  0x00005555555848bf in load_configuration (filename=<optimized out>, server=server@entry=0x555555645d10, first_time=first_time@entry=true) at ../../../bin/named/server.c:9569
#6  0x0000555555586ff7 in run_server (task=<optimized out>, event=<optimized out>) at ../../../bin/named/server.c:10306
#7  0x00007ffff7f64120 in task_run (task=0x555555692990) at ../../../lib/isc/task.c:832
#8  isc_task_run (task=0x555555692990) at ../../../lib/isc/task.c:913
#9  0x00007ffff7f237ec in isc__nm_async_task (worker=0x555555644f30, ev0=0x55555569ce70) at ../../../lib/isc/netmgr/netmgr.c:867
#10 0x00007ffff7f2b74d in process_netievent (worker=worker@entry=0x555555644f30, ievent=0x55555569ce70) at ../../../lib/isc/netmgr/netmgr.c:949
#11 0x00007ffff7f2be6f in process_queue (worker=worker@entry=0x555555644f30, type=type@entry=NETIEVENT_TASK) at ../../../lib/isc/netmgr/netmgr.c:1044
#12 0x00007ffff7f2c088 in process_all_queues (worker=0x555555644f30) at ../../../lib/isc/netmgr/netmgr.c:780
#13 async_cb (handle=0x555555645290) at ../../../lib/isc/netmgr/netmgr.c:809
#14 0x00007ffff7bac60e in uv__async_io (loop=0x555555644f40, w=<optimized out>, events=<optimized out>) at /usr/src/debug/libuv-1.51.0-2.fc43.x86_64/src/unix/async.c:208
#15 0x00007ffff7bcb71e in uv__io_poll (loop=0x555555644f40, timeout=<optimized out>) at /usr/src/debug/libuv-1.51.0-2.fc43.x86_64/src/unix/linux.c:1565
#16 0x00007ffff7bb69e2 in uv_run (loop=loop@entry=0x555555644f40, mode=mode@entry=UV_RUN_DEFAULT) at /usr/src/debug/libuv-1.51.0-2.fc43.x86_64/src/unix/core.c:460
#17 0x00007ffff7f2c57d in nm_thread (worker0=0x555555644f30) at ../../../lib/isc/netmgr/netmgr.c:711
#18 0x00007ffff7f6826c in isc__trampoline_run (arg=0x55555563f620) at ../../../lib/isc/trampoline.c:190
#19 0x00007ffff72f738b in start_thread (arg=<optimized out>) at pthread_create.c:448
#20 0x00007ffff737a46c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

But it proves bind tried to load something from it.
Comment 1 Alexander Bokovoy 2025-09-19 13:29:52 UTC 
MR: https://gitlab.com/samba-team/samba/-/merge_requests/4234
Comment 2 Douglas Bagnall 2025-09-20 00:50:05 UTC 
*** Bug 15915 has been marked as a duplicate of this bug. ***
Comment 3 Samba QA Contact 2025-09-20 06:50:04 UTC 
This bug was referenced in samba master:

821cf798d87162b1f3b5d7388891d15fea0a969a
Comment 4 Douglas Bagnall 2025-09-23 21:00:11 UTC 
Created attachment 18734 [details]
v4.23 patch

This wants to get into 4.23 fast.
Comment 5 Alexander Bokovoy 2025-09-24 06:16:16 UTC 
Comment on attachment 18734 [details]
v4.23 patch

LGTM
Comment 6 Alexander Bokovoy 2025-09-24 06:17:06 UTC 
Jule, please push to v4.23 branches.
Comment 7 Jule Anger 2025-09-25 12:13:40 UTC 
Pushed to autobuild-v4-23-test.
Comment 8 Samba QA Contact 2025-09-26 10:37:03 UTC 
This bug was referenced in samba v4-23-test:

7e144282251268b6fb45d6ccd06406c1077fba2e
Comment 9 Jule Anger 2025-09-26 13:18:30 UTC 
Closing out bug report.

Thanks!
Comment 10 Samba QA Contact 2025-09-26 13:52:25 UTC 
This bug was referenced in samba v4-23-stable (Release samba-4.23.1):

7e144282251268b6fb45d6ccd06406c1077fba2e