A portscan using nmap resulted in what seems to be an infinite loop in which JmDNS is continuously logging at severe level
> nmap-sU -sV -F <ip_address>/24
We managed to repeat this issue in an isolated virtual machine.
This resulted in this type of log over and over:
SEVERE [2012-05-23 15:57:14,538] j.j.i.DNSIncoming$MessageInputStream.readName: bad domain name: possible circular name detected. Bad offset: 0xffffffff at 0xe3
SEVERE [2012-05-23 15:57:14,538] j.j.i.c.DNSRecordType.typeForIndex: Could not find record type for index: -1
SEVERE [2012-05-23 15:57:14,565] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns[query,<ip_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5492
questions:
[DNSQuestion@919299273 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: SIP/2.0
Via: SIP/2.0/UDP nm;bra.foo;rport
From: <sip:nm@nm>;tag=root
To: <sip:nm2@nm2>
Cal.ID: 50000
CSeq: 42 OPTIONS
Max-Forwards: 70.
Content-Leng. 0
Contact: <sip:nm@nm>
Accept: application/sdp
ϿϿϿ.]
[DNSQuestion@1665524793 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@25857306 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@792045248 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1800839030 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@67056392 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1735349316 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1040544105 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1465435214 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@79694255 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1539031704 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@65321013 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@486121874 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1222543130 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@158851414 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@493541877 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1376482025 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1839548691 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@2120267425 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@2138457304 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@765592136 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1732500575 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@406394352 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1271876604 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@377861190 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@603876151 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@338754135 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@461598748 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
...
[DNSQuestion@58981589 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1313605056 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1628285032 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1202419103 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
[DNSQuestion@1236745851 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]]
question: [DNSQuestion@919299273 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: SIP/2.0
Via: SIP/2.0/UDP nm;bra.foo;rport
From: <sip:nm@nm>;tag=root
To: <sip:nm2@nm2>
Cal.ID: 50000
CSeq: 42 OPTIONS
Max-Forwards: 70.
Content-Leng. 0
Contact: <sip:nm@nm>
Accept: application/sdp
ϿϿϿ.]
question: [DNSQuestion@1665524793 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
question: [DNSQuestion@25857306 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
question: [DNSQuestion@792045248 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
question: [DNSQuestion@1800839030 type: TYPE_IGNORE index 0, class: CLASS_UNKNOWN index 0, name: ]
This continued repeating extermely fast until we ran out of diskspace (gigabytes).
If you'd like more information please ask.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
That is logging 11020 lines (~1MB) every 300ms:
grep --line-number 'DNSIncoming.readQuestion' server.log_2012-05-23T15-57-14
3:SEVERE [2012-05-23 15:57:14,565] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns[query,<ip_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5492
11023:SEVERE [2012-05-23 15:57:14,844] j.j.i.DNSIncoming.readQuestion: Could not find record type: dns[query,<ip_address>:<port>, length=229, id=0x4f50, flags=0x5449:aa, questions=5493
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
The bug is repeatable with this test a colleague of mine made:
package javax.jmdns.test;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.util.Enumeration;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
import javax.jmdns.impl.DNSIncoming;
import javax.jmdns.impl.constants.DNSConstants;
import org.junit.Before;
import org.junit.Test;
public class Dos {
// This package is one the packages sent by nmap when run as: nmap -v -sU -sV -F 127.0.0.1
private static final byte[] nmap_scan_package = new byte[] {
0x30, (byte)0x82, 0x00, 0x2f, 0x02, 0x01, 0x00, 0x04, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, (byte)0xa0, (byte)0x82, 0x00, 0x20, 0x02, 0x04, 0x4c, 0x33, (byte)0xa7, 0x56, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x30, (byte)0x82, 0x00, 0x10, 0x30, (byte)0x82, 0x00, 0x0c, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x05, 0x00, 0x05, 0x00
};
@Test
public void x() throws Exception {
// The DNSIncoming constructor should probably do bounds checking on the following parts of the
// package: questions, answers, authorities, additionals
// The package above results in these values
// questions -> 513
// answers -> 4
// authorities -> 1648
// additionals -> 30050
new DNSIncoming(new DatagramPacket(nmap_scan_package, nmap_scan_package.length, InetAddress.getByName(DNSConstants.MDNS_GROUP), DNSConstants.MDNS_PORT));
}
@Before
public void enableLogging() {
ConsoleHandler handler = new ConsoleHandler();
handler.setLevel(Level.FINEST);
for (Enumeration<String> enumerator = LogManager.getLogManager().getLoggerNames(); enumerator.hasMoreElements();) {
String loggerName = enumerator.nextElement();
Logger logger = Logger.getLogger(loggerName);
logger.addHandler(handler);
logger.setLevel(Level.FINEST);
}
}
}
Ok we should do a sanity check a question is at least 5 bytes and an answer is 11 so we should have a maximum to compare with the packet length.
Pierre
I have comited a fix but I am on vacation with limited bandwith for testing Could you run it through its paces?
Thank you
Pierre
commit -m "UDP portscan causes JmDNS to log excessively - ID: 3529498" /Users/pierre/Projects/workspace/jmdns/CHANGELOG.txt /Users/pierre/Projects/workspace/jmdns/src/main/java/javax/jmdns/impl/DNSIncoming.java /Users/pierre/Projects/workspace/jmdns/src/test/java/javax/jmdns/test/DNSMessageTest.java
Sending /Users/pierre/Projects/workspace/jmdns/CHANGELOG.txt
Sending /Users/pierre/Projects/workspace/jmdns/src/main/java/javax/jmdns/impl/DNSIncoming.java
Sending /Users/pierre/Projects/workspace/jmdns/src/test/java/javax/jmdns/test/DNSMessageTest.java
Transmitting file data ...
Committed revision 341.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
ok thanks spearway we're trying the patch out now... will get back to you on how it goes.
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
View and moderate all "bugs Discussion" comments posted by this user
Mark all as spam, and block user from posting to "Bugs"
I've tested rev 341 and it looks good, thanks!
Last edit: Anonymous 2014-08-24