[Dnsmasq-discuss] netid list issue
Alexander Nickulin
anikulin at dlink.ru
Wed Mar 20 10:42:22 GMT 2013
Hi, Simon and all!

I have some issues concerning dhcp_reply in rfc2131.c:
struct dhcp_netid *netid points to the local (stack) variables
known_id, iface_id, cpewan_id, which will be lost after the subj
function returns.

So I have, after
  if (config)
    {
      struct dhcp_netid_list *list;
      for (list = config->netid; list; list = list->next)
        {
          list->list->next = netid;
          netid = list->list;
        }
    }
and before the dhcp match loop:

  config: 0x649400 <- malloc'd
    netid: 0x6494c0 <- malloc'd
      list: 0x6494a0 <- malloc'd
        net: 0x6494e0 "red" <- tag supplied by me using dhcp-conf opt, malloc'd
        next: 0x7fffffffe220 <- stack known_id variable! (x86_64)
          net: 0x4416ea "known" <- .rodata
          next: 0x7fffffffe210 <- stack iface_id
            net: 0x7fffffffe650 "eth1" <- stack iface_name variable
            next: 0x0
      next: 0x0

Maybe rfc3315.c (DHCPv6) has the same issue. I don't use it.
This is so obvious that I'm not sure. Could I be misunderstanding something?
But of course a SIGSEGV appears when iterating over dhcp_config->netid->list
outside of the subj function:

  for (id = netid->list; id; id = id->next)

I guess this is not ok.
Thanks!
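
The lifetime problem described in this message, reduced to a stand-alone C sketch (an added example, not part of the original post and not dnsmasq's own code). The struct layouts, the function names, the scratch-array approach and the sample tags are assumptions made for illustration; the copy variant is one possible way to keep request-scoped addresses out of long-lived config nodes.

```c
#include <stddef.h>

/* Minimal stand-ins for the two structures named in the post (assumed layout). */
struct dhcp_netid { const char *net; struct dhcp_netid *next; };
struct dhcp_netid_list { struct dhcp_netid *list; struct dhcp_netid_list *next; };

/* Pattern quoted in the post: long-lived config nodes get their next pointer
   overwritten with the address of per-request data. */
static struct dhcp_netid *splice_in_place(struct dhcp_netid_list *l, struct dhcp_netid *netid)
{
  for (; l; l = l->next) { l->list->next = netid; netid = l->list; }
  return netid;
}

/* Alternative (hypothetical): copy each tag into request-scoped scratch nodes,
   so nothing that outlives the request is ever written to. */
static struct dhcp_netid *splice_by_copy(const struct dhcp_netid_list *l, struct dhcp_netid *netid,
                                         struct dhcp_netid *scratch, size_t n)
{
  for (size_t i = 0; l && i < n; l = l->next, i++)
    { scratch[i].net = l->list->net; scratch[i].next = netid; netid = &scratch[i]; }
  return netid;
}

/* Simulated request. Returns the match-chain length and stores in *escaped the
   number of config nodes left with a non-NULL next (chained toward request
   memory), measured while the request's locals are still alive. */
static int handle_request(struct dhcp_netid_list *cfg, int use_copy, int *escaped)
{
  struct dhcp_netid iface_id = { "eth1", NULL };
  struct dhcp_netid known_id = { "known", &iface_id };
  struct dhcp_netid scratch[4];
  struct dhcp_netid *netid = use_copy ? splice_by_copy(cfg, &known_id, scratch, 4)
                                      : splice_in_place(cfg, &known_id);
  int len = 0;
  for (struct dhcp_netid *id = netid; id; id = id->next) len++;
  *escaped = 0;
  for (struct dhcp_netid_list *l = cfg; l; l = l->next)
    if (l->list->next) (*escaped)++;
  return len;
}

/* Constructed sample: one config carrying the tag "red", as in the dump. */
int demo(int use_copy, int want_escaped)
{
  struct dhcp_netid red = { "red", NULL };
  struct dhcp_netid_list cfg = { &red, NULL };
  int escaped, len = handle_request(&cfg, use_copy, &escaped);
  return want_escaped ? escaped : len;
}
```

Both variants give the match loop the same three-tag chain; only the in-place splice leaves a config node holding an address that stops being valid once the request handler returns.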