From: Robert Mooney [rjmooney@aboveground.cx]
Sent: Tuesday, January 07, 2003 10:38 PM
To: 'misc@openbsd.org'
Subject: DHCPD + multiple interfaces + stack protection = core dump?

I've noticed an oddity with DHCPD under 3.2-current when specifying
multiple subnets: the stack protected version (i.e. the -current snapshot
of DHCPD, as well as a version compiled directly from -current sources)
core dumps. A version compiled with stack protection turned off
(-fno-stack-protector) does not.

Here is my dhcpd.conf:

-- snip --
option domain-name "my.dom.ain";
option domain-name-servers 10.0.0.1;

subnet 10.0.0.128 netmask 255.255.255.192 {
    option routers 10.0.0.129;
    range 10.0.0.131 10.0.0.190;
}

subnet 10.0.0.192 netmask 255.255.255.192 {
    option routers 10.0.0.193;
    range 10.0.0.201 10.0.0.254;
}
-- snip --

Here is the output from dhcpd, from the 12/30/02 snapshot:

-- snip --
# dhcpd -d xl2 xl3
Internet Software Consortium DHCP Server 2.0pl5-OpenBSD
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

Abort trap (core dumped)
-- snip --

Here is output from gdb after compiling with debug symbols
(DEBUG="-g" make):

-- snip --
# gdb
(gdb) core-file dhcpd.core
Core was generated by `dhcpd'.
Program terminated with signal 6, Abort trap.
#0 0x400a6ebf in ?? ()
(gdb) file dhcpd
Reading symbols from dhcpd...done.
(gdb) core-file dhcpd.core
Core was generated by `dhcpd'.
Program terminated with signal 6, Abort trap.
Reading symbols from /usr/libexec/ld.so...done.
Reading symbols from /usr/lib/libc.so.29.0...done.
#0 0x400a6ebf in _thread_sys_kill ()
(gdb) bt
#0 0x400a6ebf in _thread_sys_kill ()
#1 0x400a1c4c in __stack_smash_handler ()
#2 0xe90e in subnet_inner_than (subnet=0x26180, scan=0x26100, warnp=1) at memory.c:383
#3 0xe940 in enter_subnet (subnet=0x26180) at memory.c:397
#4 0x78bb in parse_subnet_declaration (cfile=0x400f0130, share=0x25120) at confpars.c:740
#5 0x6a80 in parse_statement (cfile=0x1110, group=0x0, type=0, host_decl=0x0, declaration=1) at confpars.c:245
#6 0x6195 in readconf () at confpars.c:81
#7 0x1d8f in main (argc=4, argv=0xcfbfd780) at dhcpd.c:195
-- snip --

Finally, here is the output from dhcpd when compiled w/o stack protection
(DEBUG="-fno-stack-protector" make)-- this is the expected output:

-- snip --
# ./dhcpd -d xl2 xl3
Internet Software Consortium DHCP Server 2.0pl5-OpenBSD
Copyright 1995, 1996, 1997, 1998, 1999 The Internet Software Consortium.
All rights reserved.

Please contribute if you find this software useful.
For info, please visit http://www.isc.org/dhcp-contrib.html

Listening on BPF/xl3/xx:xx:xx:xx:xx:xx/10.0.0.192
Sending on BPF/xl3/xx:xx:xx:xx:xx:xx/10.0.0.192
Listening on BPF/xl2/yy:yy:yy:yy:yy:yy/10.0.0.128
Sending on BPF/xl2/yy:yy:yy:yy:yy:yy/10.0.0.128
Sending on Socket/fallback/fallback-net
-- snip --

Anyone running DHCPD serving multiple interfaces under 3.2?

I'm not subscribed to this list, so please copy me on any responses.

Thanks in advance.

- Rob

--
Robert Mooney (rjmooney@aboveground.cx)
www: http://www.aboveground.cx/~rjmooney/