From f006be7842104a9f86fbf419326b7aad08ade61d Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 4 Oct 2024 16:59:14 +0100
Subject: [PATCH] Fix crash when reloading DHCP config on SIGHUP.
 
 Confusion in the code to free old DHCP configuration when it's
 being reloaded causes invalid pointers to be followed and a crash.
 
 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q4/017764.html
 
 has a more complete explanation of the problem.
 
Conflict:NA
Reference:https://github.com/rhuijben/dnsmasq/commit/f006be7842104a9f86fbf419326b7aad08ade61d
 
---
 src/option.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 
diff --git a/src/option.c b/src/option.c
index f4ff7c0..ed0d9e1 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1336,7 +1336,7 @@ static void dhcp_netid_free(struct dhcp_netid *nid)
 
 /* Parse one or more tag:s before parameters.
  * Moves arg to the end of tags. */
-static struct dhcp_netid * dhcp_tags(char **arg)
+static struct dhcp_netid *dhcp_tags(char **arg)
 {
   struct dhcp_netid *id = NULL;
 
@@ -1360,7 +1360,13 @@ static void dhcp_netid_list_free(struct dhcp_netid_list *netid)
     {
       struct dhcp_netid_list *tmplist = netid;
       netid = netid->next;
-      dhcp_netid_free(tmplist->list);
+      /* Note: don't use dhcp_netid_free() here, since that 
+	 frees a list linked on netid->next. Where a netid_list
+	 is used that's because the the ->next pointers in the
+	 netids are being used to temporarily construct 
+	 a list of valid tags. */
+      free(tmplist->list->net);
+      free(tmplist->list);
       free(tmplist);
     }
 }
-- 
2.33.0