dhcpcd-discuss

Re: DHCPCD crashed with segfault when trying to add PPP host route in other interfaces

Hiroki Takeuchi

Thu Jan 02 01:56:26 2020

Hi Roy,

Thanks for fixing the problem, I've tested the patch and indeed it fixes
the problem!
This commit should apply to dhcpcd8/master as well right?
Happy new year!

On Tue, Dec 31, 2019 at 10:08 PM Roy Marples <roy@xxxxxxxxxxxx> wrote:

> Hi
>
> On 31/12/2019 04:07, Hiroki Takeuchi wrote:
> > I'm using debian/ubuntu variant of DHCPCD 7.1.0 patched with
> > https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=75f2832a88b8f5a3078179404b149b7cd9623dbf
> > However, I noticed sometimes it still crashes with a segfault. I am able to
> > reproduce the problem under gdb. Here's the stack trace:
> > #0  sa_in_init (sa=sa@entry=0x5555557c9210, addr=0x10) at sa.c:438
> > #1  0x000055555557b33f in inet_routerhostroute (routes=0x7fffffffcf80, ifp=0x5555557c5330) at ipv4.c:418
> > #2  inet_getroutes (ctx=ctx@entry=0x7fffffffe090, routes=routes@entry=0x7fffffffcf80) at ipv4.c:438
> > #3  0x000055555556c4b3 in rt_build (ctx=0x7fffffffe090, af=af@entry=2) at route.c:515
> > #4  0x000055555557bd5b in ipv4_applyaddr (arg=arg@entry=0x5555557a7510) at ipv4.c:761
> > #5  0x0000555555576508 in dhcp_bind (ifp=ifp@entry=0x5555557a7510) at dhcp.c:2340
> > #6  0x000055555557682b in dhcp_arp_bind (ifp=0x5555557a7510) at dhcp.c:2451
> > #7  dhcp_static (ifp=ifp@entry=0x5555557a4010) at dhcp.c:2481
> > #8  0x000055555557a028 in dhcp_start1 (arg=0x5555557a4010, arg@entry=0x5555557a7510) at dhcp.c:3697
> > #9  0x000055555557a9f0 in dhcp_start (ifp=0x5555557a7510) at dhcp.c:3871
> > #10 0x000055555556155c in dhcpcd_startinterface (arg=0x5555557a7510) at dhcpcd.c:921
> > #11 0x0000555555561881 in reconf_reboot (action=1, argc=3, argv=0x7fffffffd390, oi=2, ctx=<optimized out>) at dhcpcd.c:1219
> > #12 0x00005555555627de in dhcpcd_handleargs (ctx=0x7fffffffe090, fd=fd@entry=0x5555557bcd90, argc=argc@entry=3, argv=argv@entry=0x7fffffffd390) at dhcpcd.c:1477
> > #13 0x000055555555f5ba in control_handle_data (arg=0x5555557bcd90) at control.c:143
> > #14 0x0000555555563aab in eloop_start (eloop=0x5555557b6340, signals=0x7fffffffe198) at eloop.c:978
> > #15 0x000055555555e36b in main (argc=<optimized out>, argv=<optimized out>) at dhcpcd.c:2024
> > As noticed, sa_in_init second parameter addr is 0x10 which is odd, I am
> > guessing it is reading a null-pointed structure offset. Hence, I printed the
> > "state" in the frame for inet_routerhostroute.
> > {state = DHS_DISCOVER, sent = 0x0, sent_len = 0, offer = 0x0, offer_len = 0,
> > new = 0x0, new_len = 0, old = 0x0, old_len = 0, lease = {addr = {s_addr = 0},
> > mask = {s_addr = 0}, brd = {s_addr = 0}, leasetime = 0, renewaltime = 0,
> > rebindtime = 0, server = {s_addr = 0}, frominfo = 0 '\000', cookie = 0},
> > reason = 0x55555558f32d "PREINIT", interval = 16, nakoff = 0, xid = 3583177864,
> > socket = 0, bpf_fd = 14, bpf_flags = 0, addr = 0x0, added = 0 '\000',
> > leasefile = "/var/lib/dhcpcd/eno1.lease", '\000' <repeats 144 times>,
> > started = {tv_sec = 605530, tv_nsec = 82764151},
> > clientid = 0x5555557c03f0 "\017\377}\377", <incomplete sequence \305>,
> > auth = {replay = 0, token = 0x0, reconf = 0x0}, arping_index = -1}
> > As expected, state->addr is NULL. In my environment, eno1 (which is the ifp it
> > crashes), it has an IP address which I added to it manually. Referencing
> > ipv4_hasaddr, I guess dhcp_state addr may be NULL if ifp hasn't acquired a
> > lease, kindly correct me if I am wrong. If that is the case, I can merely make
> > the following changes to inet_routerhostroute to address this issue.
> > if ((state = D_CSTATE(ifp)) == NULL)
> >      continue;
> > to
> > if ((state = D_CSTATE(ifp)) == NULL || state->addr == NULL)
> >      continue;
> > Are there any other things that need to be noticed or suggestions to fix this
> > issue? Thanks!
>
> Well, dhcpcd thinks we need the host route still.
> We really only need the lease address to specify the source address of the
> route. We don't really need that part so I've pushed a fix here which should
> fix the problem:
>
> https://roy.marples.name/cgit/dhcpcd.git/commit/?h=dhcpcd-7&id=8d7414a6d80f54ca82887e3dbb05fed9b568a9a8
>
> Please let me know!
>
> Roy
>
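
The failure mode diagnosed in this thread, as an added example that is not part of the original messages or of dhcpcd's source: a simplified C model showing why taking a member address through a NULL pointer produces a small value such as 0x10, together with a loop that applies the `state->addr == NULL` guard proposed in the quoted message. All struct layouts, names and sample values are assumptions made for illustration.

```c
/* Added example: simplified model, NOT dhcpcd source. All struct layouts
 * and names below are assumptions made for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct lease_addr {                  /* hypothetical lease address object */
    struct lease_addr *next, **prev; /* list linkage placed first */
    uint32_t addr;                   /* IPv4 address */
};
struct dhcp_model { struct lease_addr *addr; }; /* NULL until a lease binds */
struct iface_model { const char *name; struct dhcp_model *state; };

/* Value of &p->addr when p == NULL: just the member offset. With two leading
 * pointers that is 0x10 on LP64, the same small value as addr=0x10 in frame #0. */
static uintptr_t null_member_address(void) { return offsetof(struct lease_addr, addr); }

/* Gather source addresses for host routes, skipping interfaces that have
 * no DHCP state or no bound lease (the guard proposed in the thread). */
static size_t collect_sources(const struct iface_model *ifs, size_t n,
                              uint32_t *out, size_t *skipped)
{
    size_t used = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        const struct dhcp_model *st = ifs[i].state;
        if (st == NULL || st->addr == NULL) { (*skipped)++; continue; }
        out[used++] = st->addr->addr;
    }
    return used;
}

/* Constructed sample: one leased interface, one still discovering with only
 * a manual address (state->addr == NULL), one with no DHCP state at all. */
static size_t run_sample(size_t *skipped)
{
    struct lease_addr la = { NULL, NULL, 0x0a000002u };
    struct dhcp_model bound = { &la }, discovering = { NULL };
    struct iface_model ifs[] = {
        { "wan0", &bound }, { "eno1", &discovering }, { "ppp0", NULL } };
    uint32_t out[3];
    return collect_sources(ifs, 3, out, skipped);
}

int main(void)
{
    size_t skipped, used = run_sample(&skipped);
    printf("fault addr 0x%zx, used %zu, skipped %zu\n",
           (size_t)null_member_address(), used, skipped);
    return 0;
}
```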
