On 15 April 2014 08:34, Otto Moerbeek <o...@drijf.net> wrote: > On Mon, Apr 14, 2014 at 09:32:43PM -0400, sven falempin wrote: > >> so i got gdb back to the machine because i cannot reproduce outside of the >> box. >> gdb too old cannot gcore. >> >> The state is nasty, but i do get the trace of the dhcp transaction. >> >> [..] >> DHCPREQUEST on trunk0 to 255.255.255.255 port 67 >> DHCPACK from 10.0.0.254 (96:4f:87:9c:ad:67) >> >> Program received signal SIGSEGV, Segmentation fault. >> 0x1c005b26 in add_classless_static_routes (rdomain=13684944, >> classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 >> 2408 /usr/src/sbin/dhclient/dhclient.c: No such file or directory. >> in /usr/src/sbin/dhclient/dhclient.c >> (gdb) bt >> #0 0x1c005b26 in add_classless_static_routes (rdomain=13684944, >> classless_static_routes=0x0) at /usr/src/sbin/dhclient/dhclient.c:2408 >> #1 0xd0d0d0d0 in ?? () >> #2 0x00d0d0d0 in ?? () >> #3 0x00000000 in ?? () > > ... the line in 5.4 is : > > 2405: i += bytes; > 2406: > 2407: memset(&gateway, 0, sizeof(gateway)); > 2408: memcpy(&gateway, &classless_static_routes->data[i], 4); > > The memcpy segfaults.
Not surprising *if* the gdb info is correct and the pointer parameter 'classless_static_routes' is NULL. :-) > Current and 5.5 have a rewritten version of this code. > Can you reproduce on current? That would be good to check, but if there a NULL pointer being passed I fear it will still fault. > > -Otto > [snip] >> >> 1397524674.011308 96:4f:87:9c:ad:67 fe:e1:ba:d0:8e:d0 0800 373: >> 10.0.0.254.67 > 10.0.0.126.68: xid:0x95ce17 Y:10.0.0.126 S:10.0.0.254 >> vend-rfc1048 DHCP:ACK SID:10.0.0.254 LT:43200 RN:21600 RB:37800 >> SM:255.255.255.0 BR:10.0.0.255 HN:"ulis-v12-GW" >> T121:415279105,3232236030,415279114,3232236030,3232236030,167772414 >> NS:10.0.0.254 DG:10.0.0.254 (DF) >> 0000: fee1 bad0 8ed0 964f 879c ad67 0800 4500 .......O...g..E. >> 0010: 0167 0000 4000 4011 240b 0a00 00fe 0a00 .g..@.@.$....... >> 0020: 007e 0043 0044 0153 9aa6 0201 0600 0095 .~.C.D.S........ >> 0030: ce17 0000 0000 0000 0000 0a00 007e 0a00 .............~.. >> 0040: 00fe 0000 0000 fee1 bad0 8ed0 0000 0000 ................ >> 0050: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 0060: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 0070: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 0080: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 0090: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 00a0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 00b0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 00c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 00d0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 00e0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 00f0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 0100: 0000 0000 0000 0000 0000 0000 0000 0000 ................ >> 0110: 0000 0000 0000 6382 5363 3501 0536 040a ......c.Sc5..6.. >> 0120: 0000 fe33 0400 00a8 c03a 0400 0054 603b ...3.....:...T`; >> 0130: 0400 0093 a801 04ff ffff 001c 040a 0000 ................ >> 0140: ff0c 0b75 6c69 732d 7631 322d 4757 7918 ...ulis-v12-GWy. >> 0150: 18c0 a801 c0a8 01fe 18c0 a80a c0a8 01fe ................ >> 0160: c0a8 01fe 0a00 00fe 0604 0a00 00fe 0304 ................ >> 0170: 0a00 00fe ff ..... > Pulling out the options provided we get Options ======= 6382 5363 /* Cookie */ 35 01 05 /* DHCP message type */ 36 04 0a 00 00 fe /* DHCP server id */ 33 04 00 00 a8 c0 /* DHCP lease time */ 3a 04 00 00 54 60 /* DHCP renewal time */ 3b 04 00 00 93 a8 /* DHCP rebinding time */ 01 04 ff ff ff 00 /* Subnet Mask */ 1c 04 0a 00 00 ff /* Broadcast Address */ 0c 0b 75 6c 69 73 2d 76 31 32 2d 47 57 /* Hostname */ 79 18 18 c0 a8 01 c0 a8 01 fe 18 c0 a8 0a c0 a8 01 fe c0 a8 01 fe 0a 00 00 fe /Classless static routes */ 06 04 0a 00 00 fe /* Domain Name Servers */ 03 04 0a 00 00 fe /* Routers */ ff /* End of Options */ And looking at the classless static routes closer we see 79 18 18 c0 a8 01 c0 a8 01 fe /* 192.168.1/24 via 192.168.1.254 */ 18 c0 a8 0a c0 a8 01 fe /* 192.168.10/24 via 192.168.1.254 */ c0 a8 01 fe 0a 00 00 fe /* ??? */ Where the last one is, to use the technical term, fucked. It seems to specify a network with 'c0' == 192 bits. I can't see how this would cause a NULL pointer to be passed though. .... Ken