[pkg-dhcp-devel] Bug#617258: isc-dhcp-relay: segfaults if client-facing interface has label

Marc Haber mh+debian-bugs at zugschlus.de
Mon Mar 7 16:12:26 UTC 2011


Package: isc-dhcp-relay
Version: 4.1.1-P1-16
Severity: normal

Hi,

dhcrelay segfaults on first incoming packet if the client-facing
interface has a label on its IP address

Steps to reproduce:

Have Debian box with two interfaces, two networks 192.168.0.0/24 and
10.0.0.0/24.

ip link set dev eth0 up
ip link set dev eth1 up
ip addr add dev eth0 192.168.0.254/24 brd +
ip addr add dev eth1 10.0.0.1/24 brd + label eth1:foo
ip addr
50: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:25:b3:01:c6:d0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.254/24 brd 192.168.0.255 scope global
51: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:25:b3:01:c6:d0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1:foo
dhcrelay -d -i eth0 -i eth1 192.168.0.1
(it is not necessary to have a DHCP server on 192.168.0.1)
have a client connected to 10.0.0.1 send a DHCP request

dhcrelay segfaults in dhcrelay.c line 660

backtrace:
$ gdb /usr/sbin/dhcrelay core
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/sbin/dhcrelay...Reading symbols from /usr/lib/debug/usr/sbin/dhcrelay...done.
(no debugging symbols found)...done.

warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
Core was generated by `dhcrelay -d -i eth0 -i eth1 192.168.0.1'.
Program terminated with signal 11, Segmentation fault.
#0  0x0804c5f8 in do_relay4 (ip=0x80aa560, packet=0xbfe2d768, length=300,
    from_port=17408, from=..., hfrom=0xbfe2e77e) at dhcrelay.c:660
660     dhcrelay.c: No such file or directory.
        in dhcrelay.c
(gdb) bt
#0  0x0804c5f8 in do_relay4 (ip=0x80aa560, packet=0xbfe2d768, length=300,
    from_port=17408, from=..., hfrom=0xbfe2e77e) at dhcrelay.c:660
#1  0x08053923 in got_one (h=0x80aa560) at discover.c:1393
#2  0x0807dd22 in omapi_one_dispatch (wo=0x0, t=0x0) at dispatch.c:520
#3  0x08055718 in dispatch () at dispatch.c:92
#4  0x0804ad56 in main (argc=7, argv=0xbfe2ecb4) at dhcrelay.c:549
(gdb)

   654          /* If giaddr is not already set, Set it so the server can
   655             figure out what net it's from and so that we can later
   656             forward the response to the correct net.    If it's already
   657             set, the response will be sent directly to the relay agent
   658             that set giaddr, so we won't see it. */
   659          if (!packet->giaddr.s_addr)
   660                  packet->giaddr = ip->addresses[0];
   661          if (packet->hops < max_hop_count)
   662                  packet->hops = packet->hops + 1;
   663          else
   664                  return;

Greetings
Marc





More information about the pkg-dhcp-devel mailing list