[Dnsmasq-discuss] [BUG] [PATCH] Segmentation fault in src/forward.c
pemensik at redhat.com
Wed Sep 22 22:07:37 UTC 2021
Good catch. A new bug #2006367 was also reported on Fedora. It
seems to point to related structures and memory corruption in them. I
have no coredump to check it (yet), so mostly guessing.
Juggling with type-unsafe structures with few common members is quite
a bad idea. I think those structures should contain a common server_local
struct member at the start. They could pass a pointer to it in every place
which needs to work with just those common parts.
At domain-match.c:677 there is also a suspicious memset. Its flags are not
directly related to the allocated size. I think there might be a case when
it overwrites more memory than allocated for the pointer. On line 696 it
may overwrite the interface target even with flags SERV_4ADDR | SERV_6ADDR.
Both allow rewriting the uid member when HAVE_LOOP is set, which is the
default. I see many tricky corners without simple and readable checks
ensuring it always does what it should. I think a char type enum would
definitely not hurt in the common structure instead of this juggling with
flags. It would be much more clear what members are available. I think
the default struct should be the smallest one and only retyped to a bigger
struct if some flag clearly indicated it is there. Preferred would be
a separate type member.
At first it should be fixed by a minimal fix. I think a constant-sized
structure with some unused members would be far safer. I think a union
would be a good candidate here. It's a pity we did not notice those issues
before release. I should spend some time on basic automated tests again.
I think dnsmasq is small, but needs more regular testing.
On 9/16/21 16:31, Dominik DL6ER wrote:
> Addendum: Depending on the configuration, it can happen that the
> query is sent to another server that is configured to be used for
> an altogether different domain, e.g.
> resulting in "A bo.net" being sent to 192.168.0.1
> Something is definitely fishy here.
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
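
The layout proposed in the message above (a common struct at the start, a separate type member, constant-sized union storage), as an added example that is not part of the original post or dnsmasq's code. All struct, enum and function names here are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical record kinds and layouts, not dnsmasq's own definitions. */
enum rec_kind { REC_LOCAL, REC_ADDR4, REC_SERVER };

/* Common part, first in every variant, so code that needs only the
   shared members can take a struct rec_common pointer. */
struct rec_common {
  unsigned char kind;   /* enum rec_kind: which variant this record is */
  unsigned short flags; /* behaviour flags only, never layout */
  char *domain;
};
struct rec_addr4  { struct rec_common c; unsigned char addr[4]; };
struct rec_server { struct rec_common c; char interface[16]; unsigned int uid; };

/* Constant-sized storage: every record is allocated as this union. */
union rec_any {
  struct rec_common c;
  struct rec_addr4 a4;
  struct rec_server srv;
};

/* Size of the variant named by the type member; 0 for an unknown kind. */
size_t rec_size(unsigned char kind)
{
  switch (kind) {
  case REC_LOCAL:  return sizeof(struct rec_common);
  case REC_ADDR4:  return sizeof(struct rec_addr4);
  case REC_SERVER: return sizeof(struct rec_server);
  default:         return 0;
  }
}

/* Zero only the variant-specific tail. The length is derived from the
   kind, so it cannot exceed the union. Returns bytes cleared or -1. */
int rec_reset(union rec_any *r)
{
  size_t n = rec_size(r->c.kind);
  if (n == 0)
    return -1;
  memset((char *)r + sizeof(struct rec_common), 0, n - sizeof(struct rec_common));
  return (int)(n - sizeof(struct rec_common));
}

/* Checked downcast: NULL unless the type member says uid/interface exist. */
struct rec_server *rec_as_server(union rec_any *r)
{
  return r->c.kind == REC_SERVER ? &r->srv : NULL;
}
```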