Re: [Dnsmasq-discuss] Memory corruption in my_syslog (log.c), SIGABRT (double free)

2017-05-04 Thread Stephan Zeisberg
Sorry for the confusion with the parse_hex bug ;). You are correct, it's not remotely exploitable, but maybe a local attacker could create a specially crafted config file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution.

Cheers,
Stephan

Simon Kelley: >

Re: [Dnsmasq-discuss] Memory corruption in my_syslog (log.c), SIGABRT (double free)

2017-05-03 Thread Simon Kelley
This is actually another instance of the parse_hex bug, which caused a certain amount of confusion. Anyway, fixes for that and the hostname_isequal() one committed to git. Thanks for running these tests. (In case it's not obvious, these are not security problems, since they rely on malformed

[Dnsmasq-discuss] Memory corruption in my_syslog (log.c), SIGABRT (double free)

2017-05-03 Thread Stephan Zeisberg
Hello,

opening the attached sample config input file with dnsmasq results in a SIGABRT. The input file is fuzzed with american fuzzy lop http://lcamtuf.coredump.cx/afl/.

version: commit b2a9c571ebb333acbaa6bd752142df6821cb410c

how to reproduce:
$ ./src/dnsmasq --test -C

Output (memory