unbound-checkconf treats valid config as invalid
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
unbound (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Undecided
|
Lena Voytek |
Bug Description
[Impact]
When a user attempts to run unbound-checkconf and any of their stated interfaces matches the name of an existing network interface, the program will crash and will be unable to verify the configuration.
For example, if an unbound configuration file contains something like
server:
interface: lan0
or
server:
interface: lo
and so on, unbound-checkconf will crash.
This fix should be added to Jammy so configuration files and network interfaces can be properly validated for unbound.
The bug was fixed by adding a few commits from upstream as patches to unbound-checkconf. A function in unbound-checkconf.c was modified to resolve the interface name and check
that it works correctly. Meanwhile a commit that modifies the function resolve_
[Test Plan]
The following test can be used to reproduce the error:
# lxc launch images:ubuntu/jammy test-unbound
# lxc exec test-unbound bash
# apt update && apt dist-upgrade -y
# apt install unbound -y
# echo "
server:
interface: lo" >> /etc/unbound/
# unbound-checkconf
[Where problems could occur]
Since the resolve_
The new patches also contain new memory allocation statements, so memory leaking from unfreed callocs can also be an issue.
[Other Info]
The issue was fixed upstream and was fixed in Kinetic through the most recent merge into Ubuntu.
[Original Description]
in unbound config one of the valid ways to specify IPs to listen on is to specify an interface name. e.g.
```
server:
interface: lan0
```
unbound starts and works correctly, but unbound-checkconf returns an error:
```
# unbound-checkconf
[1661781808] unbound-
```
this bug was fixed upstream https:/
Related branches
- git-ubuntu bot: Approve
- Bryce Harrington (community): Approve
- Canonical Server Reporter: Pending requested
-
Diff: 385 lines (+357/-0)4 files modifieddebian/changelog (+12/-0)
debian/patches/fix-checkconf-interface-name-error.patch (+102/-0)
debian/patches/resolve-control-interface-names.patch (+241/-0)
debian/patches/series (+2/-0)
description: | updated |
description: | updated |
Changed in unbound (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done removed: verification-needed |
Thanks for taking the time to report this bug and trying to make Ubuntu better.
The commit which fixed the mentioned issue is this one:
https:/ /github. com/NLnetLabs/ unbound/ commit/ dcad9d586329961 efed36cf7c3b26a d8c27ddd64
It was released in version 1.16.2, already in Kinetic.