[Dnsmasq-discuss] dnsmasq segmentation fault in checking configuration
Chen Gong
gongchen17 at pku.edu.cn
Mon Jun 6 03:14:15 UTC 2022
Hi, I recently followed a tutorial on fuzzing dnsmasq with AFL (https://klaus.hohenpoelz.de/dnsmasq-fuzzing-with-afl.html). I repeated the same process on the newest version of dnsmasq. It appears that --dhcp-option does not allow the coexistence of vendor and encap.
My reproduction of the segfault:
This is caused by a union of encap and vendor_class in the struct dhcp_opt.
And the code here overwrites the value of u.vendor_class with u.encap.
Thanks a lot for your patience!
Best,
Chen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1654482861795.png
Type: image/png
Size: 54184 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220606/38191f87/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1654483259508.png
Type: image/png
Size: 34416 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220606/38191f87/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1654483368646.png
Type: image/png
Size: 97563 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220606/38191f87/attachment-0005.png>
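The union aliasing described in the message above, as an added example that is not part of the original post and not dnsmasq source. It models only the `encap`/`vendor_class` union; the struct name, flag names, helper functions and the option number 175 are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the layout described in the post, not dnsmasq source.
   Flag names, helper names and the option number 175 are constructed. */
#define F_VENDOR 1u
#define F_ENCAP  2u

struct opt_model {
    unsigned flags;
    union {                        /* both members share the same bytes */
        int encap;
        const char *vendor_class;
    } u;
};

/* Unchecked setters: each one writes its own union member. */
static void set_vendor(struct opt_model *o, const char *s)
{ o->flags |= F_VENDOR; o->u.vendor_class = s; }
static void set_encap(struct opt_model *o, int n)
{ o->flags |= F_ENCAP; o->u.encap = n; }

/* Returns 1 if the stored vendor_class bytes still equal the pointer that
   was written. Compares bytes only; the stale pointer is never dereferenced. */
int vendor_pointer_intact(int also_set_encap)
{
    static const char vc[] = "constructed-vendor";
    const char *expect = vc;
    struct opt_model o;
    memset(&o, 0, sizeof o);
    set_vendor(&o, vc);
    if (also_set_encap) set_encap(&o, 175);
    return memcmp(&o.u.vendor_class, &expect, sizeof expect) == 0;
}

/* Checked setter: reject the combination instead of aliasing the union. */
int set_encap_checked(struct opt_model *o, int n)
{
    if (o->flags & F_VENDOR) return -1;
    set_encap(o, n);
    return 0;
}

int main(void)
{
    printf("vendor only: intact=%d\n", vendor_pointer_intact(0));
    printf("vendor+encap: intact=%d\n", vendor_pointer_intact(1));
}
```

With both flags set, any later code that trusts the vendor flag and reads `u.vendor_class` gets a pointer partly or wholly replaced by the integer, which is the kind of invalid read that ends in a segfault.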