From c378d2c1de09b11d5526d3b686a7277d51ffb14d Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 2 Jun 2025 22:37:08 +0100 Subject: [PATCH] Fix crash in filter_servers(). The bug occurs when we ask lookup_domain() for a server for a domain which is not a general upstream server, by setting F_DOMAINSRV in the flags. If there are no possible servers, because there are no upstream servers defined (for instance, at startup) then the code steps off the end of an array and SEGVs. The bug has been latent for some time, but 3e659bd4ec6525ebe4518fd10b8e183997f46351 added a new call to lookup_domain() which can actually trigger the bug if DNSSEC is enabled and a certain amount of bad luck ensues. Thanks to the testers extraordinaire at PiHole for reporting this. --- src/domain-match.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/domain-match.c b/src/domain-match.c index a2e2266..708790f 100644 --- a/src/domain-match.c +++ b/src/domain-match.c @@ -343,10 +343,8 @@ int filter_servers(int seed, int flags, int *lowout, int *highout) else { /* If we want a server for a particular domain, and this one isn't, return nothing. */ - if ((flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0) + if (nlow != nhigh && (flags & F_DOMAINSRV) && daemon->serverarray[nlow]->domain_len == 0) nlow = nhigh; - else - nlow = i; } } }