Hi,

I recently did some fuzzing with afl-fuzz in the config file parsing
part of dnsmasq. I know it is not very useful, but it was very easy to
start with.

Anyway, I found a (non-exploitable) crash in dnsmasq which can be
triggered by providing an invalid configuration file or an invalid
command line option. In order to reproduce it, just run

  dnsmasq --dhcp-match=a,120,

The bug is in line 1473 of option.c where the statement "m[0] = 0" is
executed while m is set to NULL.

> (gdb) run --dhcp-match=a,120,
> Starting program: dnsmasq --dhcp-match=a,120,
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000055555556aaf8 in parse_dhcp_opt (errstr=0x5555555c06b0 "",
> arg=0x5555555c02a6 "", flags=128) at option.c:1473
> 1473                  m[0] = 0;
> (gdb) p m
> $1 = (unsigned char *) 0x0

Is this interesting for you at all?

Kind regards,
Klaus Eisentraut



_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

Reply via email to