[Dnsmasq-discuss] segfault with an empty OPTION_SNAME
Jeff Allen
jeff.allen at exoscale.ch
Tue Feb 24 14:50:39 UTC 2026
Hello, quick followup.
I realized that 2.90 is quite old, and I felt guilty that I might have
reported a bug that was fixed a while ago.
The problem still exists in master. parse_dhcp_opt() still uses
opt_string_alloc() for strings; opt_string_alloc() returns NULL for empty
strings. So `dhcp-option=tag:!ARISTA,66,` still yields `opt->val == NULL`.
Hope this is helpful.
-jeff
PS: I don't know how people feel about AI coding, but the analysis above is
from GPT 5.2 Codex, as driven by the exe.the dev agent harness, which I
then checked personally. I gave it the repo URL, and my original bug
report, and I asked if the bug was fixed in master.
On Tue, Feb 24, 2026 at 2:30 PM Jeff Allen <jeff.allen at exoscale.ch> wrote:
> Hello,
>
> Today I debugged an unexpected new segfault in dnsmasq that appeared on a
> pre-production system. I found the culprit: a malformed "dhcp-option" line.
> It was malformed because of a difference between the systems that generate
> configs in preprod and prod.
>
> But that's my bug, and I'll fix it myself. However, I thought you'd like
> to know about the possibility of getting segfaults in dnsmasq anyway.
>
> It comes, in dnsmasq 2.90, from rfc2131.c line 2493:
>
> 2490 if ((!req_options || !in_list(req_options, OPTION_SNAME)) &&
> 2491 (opt = option_find2(OPTION_SNAME)) && !(opt->flags & DHOPT_FORCE))
> 2492 {
> 2493 safe_strncpy((char *)mess->sname, (char *)opt->val, sizeof(mess->sname));
> 2494 done_server = 1;
> 2495 }
>
> If opt->val is NULL, then safe_strncpy will cause a segfault.
>
> opt->val was NULL in my case because of this line in my config file:
>
> dhcp-option=tag:!ARISTA,66,
>
> The tag ARISTA was not set, so this option was used. If there's
> something after the comma, the crash goes away.
>
> Have a nice day,
> -jeff
>
>
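An added illustration, not part of the original post and not dnsmasq code: a small C model of the failure described above, where an empty option value parses to NULL, next to a copy routine that checks for NULL before writing the server name. `model_opt`, `model_string_alloc`, `parse_value` and `copy_sname` are hypothetical names; only the first config line comes from the post, and the second sample value is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SNAME_LEN 64 /* BOOTP sname field size (RFC 2131) */

/* Hypothetical stand-in for a parsed option; not dnsmasq's struct. */
struct model_opt { unsigned char *val; };

/* Models the reported behaviour: an empty string allocates nothing. */
static unsigned char *model_string_alloc(const char *s)
{
    size_t len = strlen(s);
    unsigned char *p = len ? malloc(len + 1) : NULL;
    if (p)
        memcpy(p, s, len + 1);
    return p;
}

/* Value of a "dhcp-option=...,<number>,<value>" line: text after the last comma. */
static unsigned char *parse_value(const char *line)
{
    const char *comma = strrchr(line, ',');
    return comma ? model_string_alloc(comma + 1) : NULL;
}

/* Copy the server name only when a value exists; returns 1 if written, 0 if skipped. */
static int copy_sname(char *dest, size_t size, const struct model_opt *opt)
{
    if (size == 0)
        return 0;
    dest[0] = '\0';
    if (!opt || !opt->val)
        return 0; /* the NULL case that crashed in the report */
    strncpy(dest, (const char *)opt->val, size - 1);
    dest[size - 1] = '\0';
    return 1;
}

int main(void)
{
    char sname[SNAME_LEN];
    struct model_opt o = { parse_value("dhcp-option=tag:!ARISTA,66,") };
    printf("empty value: val=%p written=%d\n", (void *)o.val,
           copy_sname(sname, sizeof sname, &o));
    o.val = parse_value("dhcp-option=tag:!ARISTA,66,tftp.example.test");
    printf("with value: written=%d sname=%s\n",
           copy_sname(sname, sizeof sname, &o), sname);
    free(o.val);
    return 0;
}
```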