dnsmasq Null Pointer Dereference Vulnerability in Version 2.73rc6

Vulnerability

A null pointer dereference vulnerability has been identified in dnsmasq versions up to 2.73rc6. The issue arises in the 'check_servers' function within 'src/network.c', part of the Config File Handler component. When the 'SERV_HAS_DOMAIN' flag is set but 'serv->domain' is NULL, the code attempts to read the length of 'serv->domain', leading to a crash. This vulnerability requires local exploitation and has a public proof-of-concept available.
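The flag/pointer mismatch described above, as an added example that is not dnsmasq source code: a simplified model of a server entry with the unchecked length read beside a hardened form that validates the invariant first. The struct layout, the function names, the flag value and the sample entries are assumptions made for illustration; only the names 'SERV_HAS_DOMAIN' and 'serv->domain' come from the advisory.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SERV_HAS_DOMAIN 0x08  /* flag name from the advisory; value is constructed */

/* Simplified model of a server entry; not dnsmasq's own struct. */
struct server {
    unsigned int flags;
    char *domain;
    struct server *next;
};

/* Pattern the advisory describes: the flag alone is trusted, so an entry
   with the flag set and domain == NULL reaches strlen() and crashes. */
size_t domain_len_unchecked(const struct server *serv)
{
    return (serv->flags & SERV_HAS_DOMAIN) ? strlen(serv->domain) : 0;
}

/* Hardened form: returns 0 and stores the length, or returns -1 when the
   flag and the pointer disagree, without touching the pointer. */
int domain_len_checked(const struct server *serv, size_t *len)
{
    *len = 0;
    if (!(serv->flags & SERV_HAS_DOMAIN))
        return 0;
    if (serv->domain == NULL)
        return -1;
    *len = strlen(serv->domain);
    return 0;
}

/* Walk the list as a startup check would and count inconsistent entries,
   so the caller can reject the configuration instead of crashing. */
int count_inconsistent(const struct server *head)
{
    int bad = 0;
    size_t len;
    for (const struct server *s = head; s != NULL; s = s->next)
        if (domain_len_checked(s, &len) != 0)
            bad++;
    return bad;
}

int main(void)
{
    struct server c = { SERV_HAS_DOMAIN, NULL, NULL };  /* constructed: flag set, no domain */
    struct server b = { 0, NULL, &c };
    struct server a = { SERV_HAS_DOMAIN, "example.test", &b };
    printf("inconsistent entries: %d\n", count_inconsistent(&a));
    return 0;
}
```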

Impact

Exploitation of this vulnerability causes dnsmasq to crash on startup, disrupting the service. In environments with automated provisioning or untrusted configuration sources, this issue can be consistently reproduced to keep the service down.

Reproduction

The vulnerability can be reproduced with a crafted configuration file that causes the 'SERV_HAS_DOMAIN' flag to be set while 'serv->domain' remains NULL. The file contains the necessary malformed entries and is placed in the appropriate directory. When dnsmasq starts, it parses the configuration file, reaches the null pointer dereference, and crashes.

Added: Oct 27, 2025, 1:18 AM
Updated: Oct 27, 2025, 1:18 AM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.