When sending an 'AddDhcpLease' DBus message to a dnsmasq instance that does not have a dhcp-range configured, dnsmasq segfaults. This happens because dnsmasq tries to allocate a lease, but DHCP is not initialized. lease_allocate returns a null pointer, which is in turn used by lease_set_hwaddr in the dbus handler, triggering the segfault. Avoid this by adding a null check and returning early from the dbus handler with an error.
This has already been reported previously here [1]. [1] https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017851.html Signed-off-by: Stefan Hanreich <[email protected]> --- src/dbus.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/dbus.c b/src/dbus.c index dac92ed..b734f85 100644 --- a/src/dbus.c +++ b/src/dbus.c @@ -612,13 +612,21 @@ static DBusMessage *dbus_add_lease(DBusMessage* message) if (!(lease = lease6_find_by_addr(&addr.addr6, 128, 0))) lease = lease6_allocate(&addr.addr6, is_temporary ? LEASE_TA : LEASE_NA); - lease_set_iaid(lease, ia_id); + + if (lease) { + lease_set_iaid(lease, ia_id); + } } #endif else return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, "Invalid IP address '%s'", ipaddr); + if (!lease) { + return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, + "unable to allocate lease for IP address '%s'", ipaddr); + } + hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type); if (hw_len < 0) return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, -- 2.47.3 _______________________________________________ Dnsmasq-discuss mailing list [email protected] https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
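Review bot: In the new `if (!lease)` block after the `else`, DBUS_ERROR_INVALID_ARGS misreports the cause. By that point the address has parsed successfully, and per the commit message the failure comes from DHCP not being configured, not from a bad argument. A caller cannot tell this apart from the "Invalid IP address" error a few lines above, which uses the same error name. Consider DBUS_ERROR_FAILED (or DBUS_ERROR_NO_MEMORY if allocation failure is the only case) and a message that says the lease could not be allocated, for example because no dhcp-range is configured. The guard around `lease_set_iaid(lease, ia_id)` in the IPv6 branch is needed because that call runs before the common check; the IPv4 branch is outside this hunk, so please confirm nothing there dereferences `lease` before the new check is reached. Style: the neighbouring `if (hw_len < 0)` returns without braces, so the braces around the two single-statement bodies and the added blank `+` line (check it for trailing whitespace) do not match the surrounding code.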
