Hello, quick followup. I realized that 2.90 is quite old, and I felt guilty that I might have reported a bug that was fixed a while ago.
The problem still exists in master. parse_dhcp_opt() still uses opt_string_alloc() for strings; opt_string_alloc() returns NULL for empty strings. So `dhcp-option=tag:!ARISTA,66,` still yields `opt->val == NULL`.

Hope this is helpful.

-jeff

PS: I don't know how people feel about AI coding, but the analysis above is from GPT 5.2 Codex, as driven by the exe.the dev agent harness, which I then checked personally. I gave it the repo URL, and my original bug report, and I asked if the bug was fixed in master.

On Tue, Feb 24, 2026 at 2:30 PM Jeff Allen <[email protected]> wrote:

> Hello,
>
> Today I debugged an unexpected new segfault in dnsmasq that appeared on a
> pre-production system. I found the culprit: a malformed "dhcp-option" line.
> It was malformed because of a difference between the systems that generate
> configs in preprod and prod.
>
> But that's my bug, and I'll fix it myself. However, I thought you'd like
> to know about the possibility of getting segfaults in dnsmasq anyway.
>
> It comes, in dnsmasq 2.90, from rfc2131.c line 2493:
>
> 2490   if ((!req_options || !in_list(req_options, OPTION_SNAME)) &&
> 2491       (opt = option_find2(OPTION_SNAME)) && !(opt->flags & DHOPT_FORCE))
> 2492     {
> 2493       safe_strncpy((char *)mess->sname, (char *)opt->val, sizeof(mess->sname));
> 2494       done_server = 1;
> 2495     }
>
> If opt->val is NULL, then safe_strcpy will cause a segfault.
>
> Opt-val was NULL in my case because of this line in my config file:
>
> dhcp-option=tag:!ARISTA,66,
>
> The tag ARISTA was not set, so this option was used. If there's
> something after the comma, the crash goes away.
>
> Have a nice day,
> -jeff
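The failure mode reported in this thread, as an added stand-alone illustration that is not code from dnsmasq or from the poster: an allocator that returns NULL for an empty string, and a copy routine that checks for NULL before touching the destination. The function names `alloc_opt_string`, `parse_opt_value` and `copy_opt_guarded`, the "text after the last comma" parsing rule, and the sample value `tftp.example` are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Model of the reported behaviour: empty string -> NULL (hypothetical helper). */
static char *alloc_opt_string(const char *s)
{
    size_t len = strlen(s);
    char *copy;
    if (len == 0) return NULL;
    copy = malloc(len + 1);
    if (copy) memcpy(copy, s, len + 1);
    return copy;
}

/* Simplified parse (assumption): the option value is the text after the last comma. */
static char *parse_opt_value(const char *line)
{
    const char *comma = strrchr(line, ',');
    return comma ? alloc_opt_string(comma + 1) : NULL;
}

/* Guarded copy: returns 1 if dst was filled (truncating, always NUL-terminated),
   0 if val was NULL, in which case dst is left untouched. */
static int copy_opt_guarded(char *dst, size_t dst_size, const char *val)
{
    size_t n;
    if (!val || dst_size == 0) return 0;
    n = strlen(val);
    if (n >= dst_size) n = dst_size - 1;
    memcpy(dst, val, n);
    dst[n] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed inputs: the line from the report and a non-empty variant. */
    const char *lines[] = { "dhcp-option=tag:!ARISTA,66,",
                            "dhcp-option=tag:!ARISTA,66,tftp.example" };
    char sname[64];
    for (size_t i = 0; i < 2; i++) {
        char *val = parse_opt_value(lines[i]);
        int copied = copy_opt_guarded(sname, sizeof(sname), val);
        printf("%s -> %s\n", lines[i], copied ? sname : "(skipped: NULL value)");
        free(val);
    }
    return 0;
}
```

The same NULL check can instead be applied when the configuration is loaded, so that an empty string value is rejected at startup rather than encountered while answering a DHCP request.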
