#627136 isc-dhcp-server: dhcpd segfaults on config with multiple empty lines

Package:
isc-dhcp-server
Source:
isc-dhcp
Description:
ISC DHCP server for automatic IP address assignment
Submitter:
Glen Diener
Date:
2011-08-26 05:57:11 UTC
Severity:
important
#627136#5
Date:
2011-05-17 22:07:49 UTC
From:
To:
The dhcpd server dies with segmentation fault when the dhcpd.conf file contains numerous
consecutive blank lines. In my case, the dhcpd.conf had 100 consecutive lines with 23 spaces.
The server will exhibit the same behavior with 1507 or more consecutive blank lines.

The relevant contents of /var/log/syslog follow:

May 17 15:45:41 buddy dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
May 17 15:45:41 buddy dhcpd: Copyright 2004-2010 Internet Systems Consortium.
May 17 15:45:41 buddy dhcpd: All rights reserved.
May 17 15:45:41 buddy dhcpd: For info, please visit https://www.isc.org/software/dhcp/
May 17 15:45:41 buddy kernel: [29319.970678] dhcpd[15683]: segfault at 1003549 ip 00000000004414bc sp 00007fff74979718 error 4 in dhcpd[400000+a7000]

I suspect a buffer overflow problem when the amount of white space between configuration directives reaches a threshold.

#627136#14
Date:
2011-08-25 05:44:22 UTC
From:
To:
Hello,

A user reported this bug to us a while ago. I can reproduce it with the
configuration included below on 4.2.2, just by using the -t option.

Please maintain the Cc of this email to keep our bug tracking system in the
loop.

regards

Andrew
----- Forwarded message from Glen Diener <gdiener@excelii.com> ----- Date: Tue, 17 May 2011 17:07:49 -0500 From: Glen Diener <gdiener@excelii.com> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: Bug#627136: isc-dhcp-server: dhcpd segfaults on config with multiple empty lines X-Mailer: reportbug 4.12.6 Package: isc-dhcp-server Version: 4.1.1-P1-15+squeeze2 Severity: important The dhcpd server dies with segmentation fault when the dhcpd.conf file contains numerous consecutive blank lines. In my case, the dhcpd.conf had 100 consecutive lines with 23 spaces. The server will exhibit the same behavior with 1507 or more consecutive blank lines. The relevant contents of /var/log/syslog follow: May 17 15:45:41 buddy dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1 May 17 15:45:41 buddy dhcpd: Copyright 2004-2010 Internet Systems Consortium. May 17 15:45:41 buddy dhcpd: All rights reserved. May 17 15:45:41 buddy dhcpd: For info, please visit https://www.isc.org/software/dhcp/ May 17 15:45:41 buddy kernel: [29319.970678] dhcpd[15683]: segfault at 1003549 ip 00000000004414bc sp 00007fff74979718 error 4 in dhcpd[400000+a7000] I suspect a buffer overflow problem when the amount of white space between configuration directives reaches a threshold.
----- End forwarded message -----
#627136#17
Date:
2011-08-25 05:44:22 UTC
From:
To:
Hello,

A user reported this bug to us a while ago. I can reproduce it with the
configuration included below on 4.2.2, just by using the -t option.

Please maintain the Cc of this email to keep our bug tracking system in the
loop.

regards

Andrew
----- Forwarded message from Glen Diener <gdiener@excelii.com> ----- Date: Tue, 17 May 2011 17:07:49 -0500 From: Glen Diener <gdiener@excelii.com> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: Bug#627136: isc-dhcp-server: dhcpd segfaults on config with multiple empty lines X-Mailer: reportbug 4.12.6 Package: isc-dhcp-server Version: 4.1.1-P1-15+squeeze2 Severity: important The dhcpd server dies with segmentation fault when the dhcpd.conf file contains numerous consecutive blank lines. In my case, the dhcpd.conf had 100 consecutive lines with 23 spaces. The server will exhibit the same behavior with 1507 or more consecutive blank lines. The relevant contents of /var/log/syslog follow: May 17 15:45:41 buddy dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1 May 17 15:45:41 buddy dhcpd: Copyright 2004-2010 Internet Systems Consortium. May 17 15:45:41 buddy dhcpd: All rights reserved. May 17 15:45:41 buddy dhcpd: For info, please visit https://www.isc.org/software/dhcp/ May 17 15:45:41 buddy kernel: [29319.970678] dhcpd[15683]: segfault at 1003549 ip 00000000004414bc sp 00007fff74979718 error 4 in dhcpd[400000+a7000] I suspect a buffer overflow problem when the amount of white space between configuration directives reaches a threshold.
----- End forwarded message -----
#627136#20
Date:
2011-08-25 19:37:03 UTC
From:
To:
Andrew --

I've confirmed that dhcpd behaves as you have described -- thanks for the
useful characterization of the bug, it made it much easier to reproduce --
and forwarded it to our dev team along with conf files which trigger it.

Thanks for reporting it.

Michael McNally
ISC Support

#627136#21
Date:
2011-08-25 19:37:03 UTC
From:
To:
Andrew --

I've confirmed that dhcpd behaves as you have described -- thanks for the
useful characterization of the bug, it made it much easier to reproduce --
and forwarded it to our dev team along with conf files which trigger it.

Thanks for reporting it.

Michael McNally
ISC Support

#627136#26
Date:
2011-08-26 05:49:23 UTC
From:
To:
----- Forwarded message from DHCP Bugs via RT <dhcp-bugs@isc.org> -----

From: DHCP Bugs via RT <dhcp-bugs@isc.org>
To: apollock@debian.org
Subject: [ISC-Bugs #25601] AutoReply: [gdiener@excelii.com: Bug#627136:
	isc-dhcp-server: dhcpd segfaults on config with multiple empty lines]
Date: Thu, 25 Aug 2011 05:45:18 +0000


Greetings,

This message has been automatically generated in response to the
creation of a trouble ticket regarding:
	"[gdiener@excelii.com: Bug#627136: isc-dhcp-server: dhcpd segfaults on config with multiple empty lines]",
a summary of which appears below.

There is no need to reply to this message right now.  Your ticket has been
assigned an ID of [ISC-Bugs #25601].

Please include the string:

         [ISC-Bugs #25601]

in the subject line of all future correspondence about this issue. To do so,
you may reply to this message.

                        Thank you,
                        dhcp-bugs@isc.org
------------------------------------------------------------------------- Hello, A user reported this bug to us a while ago. I can reproduce it with the configuration included below on 4.2.2, just by using the -t option. Please maintain the Cc of this email to keep our bug tracking system in the loop. regards Andrew
----- Forwarded message from Glen Diener <gdiener@excelii.com> ----- Date: Tue, 17 May 2011 17:07:49 -0500 From: Glen Diener <gdiener@excelii.com> To: Debian Bug Tracking System <submit@bugs.debian.org> Subject: Bug#627136: isc-dhcp-server: dhcpd segfaults on config with multiple empty lines X-Mailer: reportbug 4.12.6 Package: isc-dhcp-server Version: 4.1.1-P1-15+squeeze2 Severity: important The dhcpd server dies with segmentation fault when the dhcpd.conf file contains numerous consecutive blank lines. In my case, the dhcpd.conf had 100 consecutive lines with 23 spaces. The server will exhibit the same behavior with 1507 or more consecutive blank lines. The relevant contents of /var/log/syslog follow: May 17 15:45:41 buddy dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1 May 17 15:45:41 buddy dhcpd: Copyright 2004-2010 Internet Systems Consortium. May 17 15:45:41 buddy dhcpd: All rights reserved. May 17 15:45:41 buddy dhcpd: For info, please visit https://www.isc.org/software/dhcp/ May 17 15:45:41 buddy kernel: [29319.970678] dhcpd[15683]: segfault at 1003549 ip 00000000004414bc sp 00007fff74979718 error 4 in dhcpd[400000+a7000] I suspect a buffer overflow problem when the amount of white space between configuration directives reaches a threshold.
----- End forwarded message -----
----- End forwarded message -----