Date:      Thu, 20 Jul 2000 22:45:05 +0200
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        freebsd-current@freebsd.org
Cc:        fenner@freebsd.org
Subject:   Re: trafshow doesn't work?
Message-ID:  <20000720224505.A87492@keltia.freenix.fr>
In-Reply-To: <Pine.BSF.4.21.0007191406200.85400-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Wed, Jul 19, 2000 at 02:06:48PM -0700
References:  <20000719165133.C511@samxie.cl.msu.edu> <Pine.BSF.4.21.0007191406200.85400-100000@freefall.freebsd.org>

[ Bill Fenner added as "maintainer" of libpcap/tcpdump ]

According to Kris Kennaway:
> Fallout from the malloc.conf changes. tcpdump has the same bug.
 
I think^W'm sure the bug is in libpcap though as several libpcap applications
fail with the same error (tcpdump, ntop, trafshow).

The problem is inside pcap_lookupdev(): "buf" is used to store interface data,
then freed, then the buffer is used again:

-=-=-
	for (;;) {
		buf = malloc (buf_size);
		if (buf == NULL) {
			close (fd);
			(void)sprintf(errbuf, "out of memory");
			return (NULL);
		}

		ifc.ifc_len = buf_size;
		ifc.ifc_buf = buf;
		memset (buf, 0, buf_size);
...
		for (cp = ifrp->ifr_name; !isdigit(*cp); ++cp)
			continue;
		n = atoi(cp);
		if (n < minunit) {
			minunit = n;
			mp = ifrp;
		}
	}
	free(buf);                                                  <<<<<<<
	(void)close(fd);
	if (mp == NULL) {
		(void)strcpy(errbuf, "no suitable device found");
		return (NULL);
	}

	(void)strncpy(device, mp->ifr_name, sizeof(device) - 1);    <<<<<<<
	device[sizeof(device) - 1] = '\0';
	return (device);
-=-=-

The last free(buf) has filled "buf" with 0xd0 so "mp" points to the same
area. If anyone has the address of the mailing list for libpcap, please send
this patch. I won't commit it as it would get the file out of the vendor
branch.

Index: inet.c
===================================================================
RCS file: /spare/FreeBSD-current/src/contrib/libpcap/inet.c,v
retrieving revision 1.1.1.4
diff -u -2 -I.*$Id:.* -r1.1.1.4 inet.c
--- inet.c	2000/01/30 00:32:41	1.1.1.4
+++ inet.c	2000/07/20 20:41:36
@@ -174,7 +174,7 @@
 		}
 	}
-	free(buf);
 	(void)close(fd);
 	if (mp == NULL) {
+		free(buf);
 		(void)strcpy(errbuf, "no suitable device found");
 		return (NULL);
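Review bot: moving free(buf) into the mp == NULL branch means the buffer is now released separately on each exit path, so any return added later between close(fd) and the end of the function will leak it. Since mp points into buf, an alternative that keeps a single free() is to copy mp->ifr_name into device while buf is still live and only then free it and test mp; failing that, a short comment where the old free(buf) stood, saying that mp aliases buf, would explain why the buffer cannot be released at that point.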
@@ -183,4 +183,5 @@
 	(void)strncpy(device, mp->ifr_name, sizeof(device) - 1);
 	device[sizeof(device) - 1] = '\0';
+	free(buf);
 	return (device);
 }
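Review bot: the free(buf) added before return (device) is correct only because it follows the strncpy() from mp->ifr_name, and nothing in the code records that ordering requirement. A one-line comment there (mp points into buf, so buf must outlive the copy) would keep a later cleanup from moving the free back above the copy; mp is dangling after this line, which is harmless only because the function returns immediately.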

-- 
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 5.0-CURRENT #80: Sun Jun  4 22:44:19 CEST 2000
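
The ordering problem described in this message, as an added sketch that is not code from libpcap or from the original mail: a pointer into a heap buffer is read after the buffer has been junk-filled on release. The struct ifrec type, the junk_release() helper and the interface names are assumptions made for the demo; the fill is simulated with memset() so that the stale read stays well-defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define JUNK    0xd0   /* fill byte the message reports after free() */
#define NAMELEN 16

struct ifrec { char name[NAMELEN]; };  /* hypothetical stand-in for struct ifreq */

/* Simulated junk-on-free: overwrite the block but keep it allocated, so the
 * stale read below is well-defined in this demo. The real free() comes later. */
static void junk_release(void *p, size_t n) { memset(p, JUNK, n); }

/* copy_first = 0: order in the unpatched code; 1: order after the patch. */
const char *lookup(int copy_first)
{
    static char device[NAMELEN];
    size_t buf_size = 2 * sizeof(struct ifrec);
    struct ifrec *buf = malloc(buf_size), *mp;

    if (buf == NULL)
        return NULL;
    memset(buf, 0, buf_size);
    strcpy(buf[0].name, "lo0");        /* constructed sample interfaces */
    strcpy(buf[1].name, "ed0");
    mp = &buf[1];                      /* mp aliases storage owned by buf */

    if (!copy_first)
        junk_release(buf, buf_size);   /* released while mp is still needed */
    strncpy(device, mp->name, sizeof(device) - 1);
    device[sizeof(device) - 1] = '\0';
    if (copy_first)
        junk_release(buf, buf_size);   /* released only after the last read */
    free(buf);
    return device;
}

int main(void)
{
    const char *d = lookup(0);
    printf("free then copy: first byte 0x%02x\n", d ? (unsigned char)d[0] : 0);
    d = lookup(1);
    printf("copy then free: %s\n", d ? d : "(alloc failed)");
    return 0;
}
```

Without a junk-filling allocator the stale bytes usually survive the free(), which is how the wrong order can go unnoticed until the allocator's behaviour changes.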
