Date: Thu, 20 Jul 2000 22:45:05 +0200
From: Ollivier Robert
To: freebsd-current@freebsd.org
Cc: fenner@freebsd.org
Subject: Re: trafshow doesn't work?
Message-ID: <20000720224505.A87492@keltia.freenix.fr>
Mail-Followup-To: freebsd-current@freebsd.org, fenner@freebsd.org
References: <20000719165133.C511@samxie.cl.msu.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: ; from kris@FreeBSD.org on Wed, Jul 19, 2000 at 02:06:48PM -0700
X-Operating-System: FreeBSD 5.0-CURRENT/ELF AMD-K6/200 & 2x PPro/200 SMP
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[ Bill Fenner added as "maintainer" of libpcap/tcpdump ]

According to Kris Kennaway:
> Fallout from the malloc.conf changes. tcpdump has the same bug.

I think^W'm sure the bug is in libpcap though as several libpcap applications fail with the same error (tcpdump, ntop, trafshow).

The problem is inside pcap_lookupdev(), "buf" is used to store interface data, then freed then the buffer is used again:

-=-=-
	for (;;) {
		buf = malloc (buf_size);
		if (buf == NULL) {
			close (fd);
			(void)sprintf(errbuf, "out of memory");
			return (NULL);
		}
		ifc.ifc_len = buf_size;
		ifc.ifc_buf = buf;
		memset (buf, 0, buf_size);
	...
		for (cp = ifrp->ifr_name; !isdigit(*cp); ++cp)
			continue;
		n = atoi(cp);
		if (n < minunit) {
			minunit = n;
			mp = ifrp;
		}
	}
	free(buf);                        <<<<<<<
	(void)close(fd);
	if (mp == NULL) {
		(void)strcpy(errbuf, "no suitable device found");
		return (NULL);
	}

	(void)strncpy(device, mp->ifr_name, sizeof(device) - 1);        <<<<<<<
	device[sizeof(device) - 1] = '\0';
	return (device);
-=-=-

The last free(buf) has filled "buf" with 0xd0 so "mp" points to the same area.

If anyone has the address of the mailing list for libpcap, please send this patch. I won't commit it as it would get the file out of the vendor branch.

Index: inet.c =================================================================== RCS file: /spare/FreeBSD-current/src/contrib/libpcap/inet.c,v retrieving revision 1.1.1.4 diff -u -2 -I.*$Id:.* -r1.1.1.4 inet.c --- inet.c 2000/01/30 00:32:41 1.1.1.4 +++ inet.c 2000/07/20 20:41:36 @@ -174,7 +174,7 @@ } } - free(buf); (void)close(fd); if (mp == NULL) { + free(buf); (void)strcpy(errbuf, "no suitable device found"); return (NULL); @@ -183,4 +183,5 @@ (void)strncpy(device, mp->ifr_name, sizeof(device) - 1); device[sizeof(device) - 1] = '\0'; + free(buf); return (device); } -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 5.0-CURRENT #80: Sun Jun 4 22:44:19 CEST 2000 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
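
Review bot: in the first hunk (@@ -174,7 +174,7 @@), free(buf) moves from a single call before close(fd) to one copy per exit path: inside the mp == NULL branch here and again before return (device) in the second hunk. Any exit path added later between close(fd) and the final return would leak buf. Consider keeping one release point instead, for example copying mp->ifr_name into device only when mp != NULL, calling free(buf) once, and then branching on mp for the error return.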
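
Review bot: in the second hunk (@@ -183,4 +183,5 @@), the new free(buf) sits after the strncpy() and the terminating '\0' store, which is the ordering the fix depends on, but nothing at that spot records why. Since mp points into buf, a one-line comment above the strncpy() saying that the name must be copied out before buf is released would keep a later cleanup from moving the free back up next to close(fd).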
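
The ordering problem described in this message, as an added C example that is not from the original post or from libpcap. A simulated allocator (`sim_malloc`/`sim_free`, a static pool that is filled with 0xd0 on release) stands in for malloc/free so that the stale read is well defined; `struct rec`, `lowest_unit`, `lookup` and the interface names are constructed for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAMESZ 16
#define NREC   3
#define JUNK   0xd0   /* byte the email reports in the freed buffer */
struct rec { char name[NAMESZ]; };   /* constructed stand-in for struct ifreq */

/* Simulated allocator over a static pool, so that reading a stale pointer is
 * defined behaviour here; sim_free() junk-fills the released memory. */
static struct rec pool[NREC];
static struct rec *sim_malloc(void) { memset(pool, 0, sizeof(pool)); return pool; }
static void sim_free(struct rec *p) { memset(p, JUNK, sizeof(pool)); }

/* Load constructed interface names and return the one with the lowest unit. */
static struct rec *lowest_unit(struct rec *tab)
{
    static const char *names[NREC] = { "ed1", "ed0", "ppp3" };
    struct rec *mp = NULL;
    int minunit = 9999;
    for (int i = 0; i < NREC; i++) {
        const char *cp;
        strcpy(tab[i].name, names[i]);
        for (cp = tab[i].name; !isdigit((unsigned char)*cp); ++cp)
            continue;
        if (atoi(cp) < minunit) { minunit = atoi(cp); mp = &tab[i]; }
    }
    return mp;
}

/* copy_first != 0: copy the name out while the buffer is live (patched order).
 * copy_first == 0: release first, then read through mp (the reported order). */
static const char *lookup(char *device, size_t len, int copy_first)
{
    struct rec *buf = sim_malloc();
    struct rec *mp = lowest_unit(buf);      /* mp points INTO buf */
    if (!copy_first) sim_free(buf);
    strncpy(device, mp->name, len - 1);
    device[len - 1] = '\0';
    if (copy_first) sim_free(buf);
    return device;
}

int main(void)
{
    char a[NAMESZ + 1], b[NAMESZ + 1];
    printf("copy then free: %s\n", lookup(a, sizeof(a), 1));
    printf("free then copy: first byte 0x%02x\n", (unsigned char)lookup(b, sizeof(b), 0)[0]);
}
```

With a real allocator the second call is undefined behaviour and only fails visibly when freed memory is overwritten, which is why the bug stayed hidden until the allocator started junk-filling.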