[Dnsmasq-discuss] segfault with an empty OPTION_SNAME
Simon Kelley
simon at thekelleys.org.uk
Thu Feb 26 17:16:31 UTC 2026
Thanks for the report.
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=66d9658f5f557e0e525e5db5449ef94686df50d3
should fix this.
Cheers,
Simon.
On 24.02.2026 13:30, Jeff Allen via Dnsmasq-discuss wrote:
> Hello,
>
> Today I debugged an unexpected new segfault in dnsmasq that appeared on
> a pre-production system. I found the culprit: a malformed "dhcp-option"
> line. It was malformed because of a difference between the systems that
> generate configs in preprod and prod.
>
> But that's my bug, and I'll fix it myself. However, I thought you'd like
> to know about the possibility of getting segfaults in dnsmasq anyway.
>
> It comes, in dnsmasq 2.90, from rfc2131.c line 2493:
>
> 2490 if ((!req_options || !in_list(req_options, OPTION_SNAME)) &&
> 2491 (opt = option_find2(OPTION_SNAME)) && !(opt->flags & DHOPT_FORCE))
> 2492 {
> 2493 safe_strncpy((char *)mess->sname, (char *)opt->val, sizeof(mess-
> >sname));
> 2494 done_server = 1;
> 2495 }
>
> If opt->val is NULL, then safe_strcpy will cause a segfault.
>
> Opt-val was NULL in my case because of this line in my config file:
>
> dhcp-option=tag:!ARISTA,66,
>
> The tag ARISTA was not set, so this option was used. If there's
> something after the comma, the crash goes away.
>
> Have a nice day,
> -jeff
>
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
More information about the Dnsmasq-discuss
mailing list