Hi, I recently did some fuzzing with afl-fuzz in the config file parsing part of dnsmasq. I know it is not very useful, but it was very easy to start with.
Anyway, I found a (non-exploitable) crash in dnsmasq which can be triggered by providing an invalid configuration file or an invalid command line option. In order to reproduce it, just run "dnsmasq --dhcp-match=a,120,". The bug is in line 1473 of option.c where the statement "m = 0" is executed while m is set to NULL.

> (gdb) run --dhcp-match=a,120,
> Starting program: dnsmasq --dhcp-match=a,120,
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x000055555556aaf8 in parse_dhcp_opt (errstr=0x5555555c06b0 "",
>     arg=0x5555555c02a6 "", flags=128) at option.c:1473
> 1473        m = 0;
> (gdb) p m
> $1 = (unsigned char *) 0x0

Is this interesting for you at all?

Kind regards,
Klaus Eisentraut

_______________________________________________
Dnsmasq-discuss mailing list
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
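As an added example that is not part of this report and not dnsmasq's own code, here is a hypothetical parser for a "name,code[,value]" option of the shape the crashing input "a,120," has. The names cut_at_comma_unchecked, split_fields, parse_match_opt and match_opt_code are invented for the illustration, as is the 0..255 range for the code. It places the unchecked separator-cut pattern (a strchr() result written through without a NULL test) beside a version that rejects a trailing comma with an error instead of faulting; the report's trailing-comma input is one of the cases it runs.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical option parser (not dnsmasq's code). It accepts the shape
 * "name,code[,value]" that the report's input "a,120," resembles and
 * rejects empty fields instead of walking off the end of the string. */

#define MAX_FIELDS 3
#define FIELD_LEN  32

struct match_opt {
    char name[FIELD_LEN];
    long code;             /* numeric option code, assumed range 0..255 */
    char value[FIELD_LEN]; /* empty string when the field is absent */
};

/* The unchecked pattern: cut the string at the next comma. If there is no
 * comma, strchr() returns NULL and the store faults, which is the kind of
 * state the gdb session above shows (m == 0x0 at the store). Kept here for
 * contrast only; nothing in this file calls it. */
void cut_at_comma_unchecked(char *s)
{
    char *m = strchr(s, ',');
    *m = '\0';             /* NULL dereference when no comma is present */
}

/* Split ARG on commas into at most MAX_FIELDS fields.
 * Returns the field count, or -1 on an empty field (including a trailing
 * comma), an over-long field, or too many fields. */
static int split_fields(const char *arg, char fields[MAX_FIELDS][FIELD_LEN])
{
    int n = 0;
    const char *p = arg;

    while (n < MAX_FIELDS) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);

        if (len == 0 || len >= FIELD_LEN)
            return -1;      /* "a,120," reaches here with p == "" */
        memcpy(fields[n], p, len);
        fields[n][len] = '\0';
        n++;
        if (comma == NULL)
            return n;       /* last field consumed, no separator left */
        p = comma + 1;
    }
    return -1;              /* more fields than the option allows */
}

/* Parse ARG into OUT. Returns 0 on success, -1 on any malformed input. */
int parse_match_opt(const char *arg, struct match_opt *out)
{
    char fields[MAX_FIELDS][FIELD_LEN];
    char *end;
    long code;
    int n = split_fields(arg, fields);

    if (n < 2)
        return -1;          /* need at least a name and a code */

    errno = 0;
    code = strtol(fields[1], &end, 10);
    if (errno != 0 || *end != '\0' || code < 0 || code > 255)
        return -1;          /* non-numeric or out-of-range code */

    strcpy(out->name, fields[0]);
    out->code = code;
    if (n == 3)
        strcpy(out->value, fields[2]);
    else
        out->value[0] = '\0';
    return 0;
}

/* Convenience wrapper: the option code on success, -1 on rejection. */
long match_opt_code(const char *arg)
{
    struct match_opt o;
    return parse_match_opt(arg, &o) == 0 ? o.code : -1;
}

int main(void)
{
    /* Constructed inputs; the first is the one from the bug report. */
    const char *inputs[] = { "a,120,", "a,120", "a,120,vendor", ",120", "a,x" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-14s -> %ld\n", inputs[i], match_opt_code(inputs[i]));
    return 0;
}
```

The checked version treats "a,120," as an error (-1) rather than a crash, which is the behaviour a config-file or command-line parser should give a fuzzer: malformed input is reported back to the caller, and the same split function serves as a small harness entry point for afl-style fuzzing of the option syntax.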