Hi Dominik,

Are you sure the patch I sent does not solve this? I think it should, or are there more places where a lease_update_dns(0) is missing? Alternatively, can there be dangling pointers left even after lease_update_dns has been run?

Best regards,
Erik

On Mon, 6 May 2024 at 07:14, Dominik Derigs via Dnsmasq-discuss <dnsmasq-discuss@lists.thekelleys.org.uk> wrote:

> Hey Simon,
>
> we found a bug resulting in a use-after-free returning garbage data and
> possibly crash when using DHCP + stale cache data.
>
> The bug is triggered when using DHCP and a lease expires. Its name is
> then free'd in kill_name() + do_script_run(). When the PTR record is
> queried thereafter and use-stale-cache is enabled, dnsmasq accesses this
> dangling pointer and returns random data - often a string containing a few
> control characters, once dnsmasq even SEGFAULTed.
>
> Related dnsmasq.log:
>
> May 5 19:00:00 dnsmasq[4395]: query[PTR] 141.2.168.192.in-addr.arpa from 127.0.0.1
> May 5 19:00:00 dnsmasq[4395]: DHCP 192.168.2.141 is **<name unprintable>**
> May 5 19:00:00 dnsmasq[4395]: forwarded 141.2.168.192.in-addr.arpa to 1.0.0.1
>
> The final immediate "forwarded" line comes from dnsmasq itself and
> confirms that this was triggered by use-stale-cache.
>
> Best,
> Dominik
>
> P.S.: The patch recently sent by Erik Karlsson doesn't fix this, it
> touches other code.
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
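
A log check for the symptom described in the report, as an added example that is not part of the original thread or of dnsmasq: it flags PTR queries answered from DHCP data with `<name unprintable>` and records whether the same name was forwarded upstream afterwards. The function names and the first two sample lines are constructed; the other three sample lines follow the log excerpt quoted above.

```python
import re

# dnsmasq log line: "<Mon> <day> <HH:MM:SS> dnsmasq[<pid>]: <message>"
LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8}) dnsmasq\[(\d+)\]: (.*)$")
PTR_QUERY = re.compile(r"^query\[PTR\] (\S+) from \S+$")
DHCP_BAD = re.compile(r"^DHCP (\d+\.\d+\.\d+\.\d+) is .*<name unprintable>")
FORWARDED = re.compile(r"^forwarded (\S+) to \S+$")

# Constructed sample: one healthy PTR answer, then the sequence from the report.
SAMPLE = """\
May  5 18:59:58 dnsmasq[4395]: query[PTR] 7.2.168.192.in-addr.arpa from 127.0.0.1
May  5 18:59:58 dnsmasq[4395]: DHCP 192.168.2.7 is laptop.lan
May 5 19:00:00 dnsmasq[4395]: query[PTR] 141.2.168.192.in-addr.arpa from 127.0.0.1
May 5 19:00:00 dnsmasq[4395]: DHCP 192.168.2.141 is <name unprintable>
May 5 19:00:00 dnsmasq[4395]: forwarded 141.2.168.192.in-addr.arpa to 1.0.0.1
""".splitlines()


def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address, e.g. 192.168.2.141."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def find_stale_ptr_garbage(lines):
    """Return findings where a PTR query was answered from DHCP data with an
    unprintable name. 'forwarded' is True when the same name was also sent
    upstream afterwards, the sign of use-stale-cache named in the report."""
    findings, pending = [], {}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, pid, msg = m.groups()
        if (q := PTR_QUERY.match(msg)):
            pending[(pid, q.group(1))] = None  # query seen, no answer yet
        elif (d := DHCP_BAD.match(msg)):
            key = (pid, ptr_name(d.group(1)))
            if key in pending:  # only count answers to a PTR query we saw
                pending[key] = {"time": stamp, "ip": d.group(1), "forwarded": False}
                findings.append(pending[key])
        elif (f := FORWARDED.match(msg)):
            hit = pending.pop((pid, f.group(1)), None)
            if hit:  # garbage answer followed by an upstream refresh
                hit["forwarded"] = True
    return findings
```
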