The bug occurs when we ask lookup_domain() for a server for a domain
which is not a general upstream server, by setting F_DOMAINSRV in the flags.
If there are no possible servers, because there are no upstream servers
defined (for instance, at startup) then the code steps off the end of an
array and SEGVs.

The bug has been latent for some time, but
3e659bd4ec6525ebe4518fd10b8e183997f46351 added a new call to lookup_domain()
which can actually trigger the bug if DNSSEC is enabled and a certain
amount of bad luck ensues.

Thanks to the testers extraordinaire at PiHole for reporting this.
else
{
/* If we want a server for a particular domain, and this one isn't, return nothing. */
- if ((flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0)
+ if (nlow != nhigh && (flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0)
nlow = nhigh;
- else
- nlow = i;
}
}
}
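Review bot: The removed `else nlow = i;` branch at the end of this hunk is a second behaviour change that the commit message does not cover. The message describes only the read past the end of the array when no upstream servers are defined. Please say in the message, or in a comment, why that assignment is no longer needed, so a later reader does not take it for an accidental deletion. The comment above the `if` should also be extended to explain the new `nlow != nhigh` guard. As written it still describes only the F_DOMAINSRV case, and nothing at the call site says that `nlow == nhigh` is the state in which `daemon->serverarray[nlow]` must not be dereferenced. Since the message says the crash needs no upstream servers plus DNSSEC, a regression test or a documented reproduction for the empty-server startup case would help keep this guard from being dropped in a later cleanup.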