[pkg-dhcp-devel] Bug#627136: [gdiener at excelii.com: Bug#627136: isc-dhcp-server: dhcpd segfaults on config with multiple empty lines]

Andrew Pollock apollock at debian.org
Thu Aug 25 05:44:22 UTC 2011


A user reported this bug to us a while ago. I can reproduce it with the
configuration included below on 4.2.2, just by using the -t option.

Please maintain the Cc of this email to keep our bug tracking system in the



----- Forwarded message from Glen Diener <gdiener at excelii.com> -----

Date: Tue, 17 May 2011 17:07:49 -0500
From: Glen Diener <gdiener at excelii.com>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: Bug#627136: isc-dhcp-server: dhcpd segfaults on config with multiple empty
X-Mailer: reportbug 4.12.6

Package: isc-dhcp-server
Version: 4.1.1-P1-15+squeeze2
Severity: important

The dhcpd server dies with segmentation fault when the dhcpd.conf file contains numerous 
consecutive blank lines. In my case, the dhcpd.conf had 100 consecutive lines with 23 spaces. 
The server will exhibit the same behavior with 1507 or more consecutive blank lines.

The relevant contents of /var/log/syslog follow:

May 17 15:45:41 buddy dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
May 17 15:45:41 buddy dhcpd: Copyright 2004-2010 Internet Systems Consortium.
May 17 15:45:41 buddy dhcpd: All rights reserved.
May 17 15:45:41 buddy dhcpd: For info, please visit https://www.isc.org/software/dhcp/
May 17 15:45:41 buddy kernel: [29319.970678] dhcpd[15683]: segfault at 1003549 ip 00000000004414bc sp 00007fff74979718 error 4 in dhcpd[400000+a7000]

I suspect a buffer overflow problem when the amount of white space between configuration directives reaches a threshold.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages isc-dhcp-server depends on:
ii  debconf [debconf-2.             Debian configuration management sy
ii  debianutils         3.4                  Miscellaneous utilities specific t
ii  isc-dhcp-common     4.1.1-P1-15+squeeze2 common files used by all the isc-d
ii  libc6               2.11.2-10            Embedded GNU C Library: Shared lib
ii  lsb-base            3.2-23.2squeeze1     Linux Standard Base 3.2 init scrip

isc-dhcp-server recommends no packages.

Versions of packages isc-dhcp-server suggests:
pn  isc-dhcp-server-ldap          <none>     (no description available)

-- Configuration Files:
/etc/dhcp/dhcpd.conf changed:
option domain-name "internal.excelhustler.com";
option domain-name-servers;
option wpad code 252 = text;
option wpad "http://wpad.internal.hustlerturf.com/wpad.dat";
option systemimager-server code 140 = text;
option systemimager-server "";
option space gpxe;
option gpxe-encap-opts code 175 = encapsulate gpxe;
option gpxe.bus-id code 177 = string;
option gpxe.keep-san code 8 = unsigned integer 8;
option subnet-mask;
default-lease-time 172800;
max-lease-time 345600;
allow duplicates; # Seems to be needed for Mac clients
subnet netmask {
  option broadcast-address;
  option routers;
host rgomez.desktop.internal.excelhustler.com {
  # This machine belongs to rgomez
  # This machine is: PG030911005191
  # Ethernet vendor is: Unknown
  hardware ethernet 00:e0:4c:a8:78:c0;
  filename "pxelinux.0";

-- debconf information excluded

----- End forwarded message -----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-dhcp-devel/attachments/20110824/14a71b16/attachment.pgp>

More information about the pkg-dhcp-devel mailing list