Date: Mon, 16 Jan 2006 23:11:26 +0100 From: Ulrich Spoerlein <q@galgenberg.net> To: Sam Leffler <sam@errno.com> Cc: current@freebsd.org Subject: Re: malloc bugs with tcpdump Message-ID: <20060116221126.GB1077@galgenberg.net> In-Reply-To: <43CBD81E.80006@errno.com> References: <20060116013722.GA29139@xor.obsecurity.org> <20060116135928.GB28974@flame.pc> <43CBD81E.80006@errno.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
Sam Leffler wrote:
> I sent the attached patch upstream to the tcpdump folks. Once I hear back I'll commit it.
>
> Sam
> Index: pcap-bpf.c
> ===================================================================
> RCS file: /usr/ncvs/src/contrib/libpcap/pcap-bpf.c,v
> retrieving revision 1.1.1.10
> diff -u -r1.1.1.10 pcap-bpf.c
> --- pcap-bpf.c 11 Jul 2005 03:24:42 -0000 1.1.1.10
> +++ pcap-bpf.c 16 Jan 2006 05:48:49 -0000
> @@ -746,7 +746,7 @@
> u_int i;
> int is_ethernet;
>
> - bdl.bfl_list = (u_int *) malloc(sizeof(u_int) * bdl.bfl_len + 1);
> + bdl.bfl_list = (u_int *) malloc(sizeof(u_int) * (bdl.bfl_len + 1));
> if (bdl.bfl_list == NULL) {
> (void)snprintf(ebuf, PCAP_ERRBUF_SIZE, "malloc: %s",
> pcap_strerror(errno));
Hi Sam,
heh, I was trying to figure this one out earlier, but I gave up after
a couple of minutes, as I couldn't figure out why in god's name the
malloc would be too small to produce an error. Nice catch.
Ulrich Spoerlein
--
PGP Key ID: F0DB9F44 Encrypted mail welcome!
Fingerprint: F1CE D062 0CA9 ADE3 349B 2FE8 980A C6B5 F0DB 9F44
Which is worse: ignorance or apathy?
Don't know. Don't care.
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
iD8DBQFDzBoO524iJyD+6d0RAoMuAKCxbTveHTHsnF0JCwvtsDETujBGBQCgsuDq
evATWdYow3857oVEahV5ZRI=
=UoW5
-----END PGP SIGNATURE-----
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060116221126.GB1077>