On 03/12/2019 22:52, Klaus Eisentraut wrote:
> Hi,
>
> I recently did some fuzzing with afl-fuzz in the config file parsing
> part of dnsmasq. I know it is not very useful, but it was very easy to
> start with.
>
> Anyway, I found a (non-exploitable) crash in dnsmasq which can be
> triggered by providing an invalid configuration file or an invalid
> command line option. In order to reproduce it, just run
>
> dnsmasq --dhcp-match=a,120,
>
> The bug is in line 1473 of option.c where the statement "m[0] = 0" is
> executed while m is set to NULL.
>
>> (gdb) run --dhcp-match=a,120,
>> Starting program: dnsmasq --dhcp-match=a,120,
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x000055555556aaf8 in parse_dhcp_opt (errstr=0x5555555c06b0 "",
>> arg=0x5555555c02a6 "", flags=128) at option.c:1473
>> 1473 m[0] = 0;
>> (gdb) p m
>> $1 = (unsigned char *) 0x0
>
> Is this interesting for you at all?
It is. Fix committed.

Cheers,

Simon.

_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
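The parsing pattern behind the report, as an added example that is neither dnsmasq's own code nor part of the thread: a small C parser for an option shaped like the --dhcp-match argument ("<tag>,<option-number>[,<value>]"), with the present-and-non-empty check on the value field that the write at option.c:1473 lacked. The names parse_dhcp_match, next_field, struct dhcp_match and the MATCH_* codes are hypothetical; the rejected input "a,120," is the one from the report.

```c
#include <stdlib.h>
#include <string.h>

/* Added example, not dnsmasq's code. Input "a,120," (trailing comma, empty
 * value) is the shape that crashed dnsmasq: the value pointer ended up NULL
 * and "m[0] = 0" wrote through it. Here it is rejected instead. */
enum { MATCH_OK = 0, MATCH_ERR_SYNTAX = -1, MATCH_ERR_OPTION = -2, MATCH_ERR_VALUE = -3 };

struct dhcp_match {
    char tag[32];
    int option;
    char value[32];   /* empty when the option is matched without a value */
};

/* Terminate the current field at the next ',' and return the field after it, or NULL. */
static char *next_field(char *s)
{
    char *comma = strchr(s, ',');
    if (!comma)
        return NULL;
    *comma = '\0';
    return comma + 1;
}

int parse_dhcp_match(const char *arg, struct dhcp_match *out)
{
    char buf[128], *tag = buf, *num, *val, *end;
    long opt;
    memset(out, 0, sizeof *out);
    if (strlen(arg) >= sizeof buf)
        return MATCH_ERR_SYNTAX;
    strcpy(buf, arg);
    num = next_field(tag);
    if (!num || *tag == '\0' || strlen(tag) >= sizeof out->tag)
        return MATCH_ERR_SYNTAX;
    strcpy(out->tag, tag);
    val = next_field(num);                 /* NULL when there is no third field */
    opt = strtol(num, &end, 10);
    if (*num == '\0' || *end != '\0' || opt < 0 || opt > 255)
        return MATCH_ERR_OPTION;
    out->option = (int)opt;
    /* The check the crash lacked: use the value only when the field is both
     * present and non-empty. "a,120" matches on the option alone; "a,120," fails. */
    if (!val)
        return MATCH_OK;
    if (*val == '\0' || strlen(val) >= sizeof out->value)
        return MATCH_ERR_VALUE;
    strcpy(out->value, val);
    return MATCH_OK;
}
```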