Date: Thu, 20 Jul 2000 22:45:05 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: freebsd-current@freebsd.org Cc: fenner@freebsd.org Subject: Re: trafshow doesn't work? Message-ID: <20000720224505.A87492@keltia.freenix.fr> In-Reply-To: <Pine.BSF.4.21.0007191406200.85400-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Wed, Jul 19, 2000 at 02:06:48PM -0700 References: <20000719165133.C511@samxie.cl.msu.edu> <Pine.BSF.4.21.0007191406200.85400-100000@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[ Bill Fenner added as "maintainer" of libpcap/tcpdump ] According to Kris Kennaway: > Fallout from the malloc.conf changes. tcpdump has the same bug. I think^W'm sure the bug is in libpcap though as several libpcap applications fail with the same error (tcpdump, ntop, trafshow). The problem is inside pcap_lookupdev(), "buf" is used to store interface data, then freed then the buffer is used again : -=-=- for (;;) { buf = malloc (buf_size); if (buf == NULL) { close (fd); (void)sprintf(errbuf, "out of memory"); return (NULL); } ifc.ifc_len = buf_size; ifc.ifc_buf = buf; memset (buf, 0, buf_size); ... for (cp = ifrp->ifr_name; !isdigit(*cp); ++cp) continue; n = atoi(cp); if (n < minunit) { minunit = n; mp = ifrp; } } free(buf); <<<<<<< (void)close(fd); if (mp == NULL) { (void)strcpy(errbuf, "no suitable device found"); return (NULL); } (void)strncpy(device, mp->ifr_name, sizeof(device) - 1); <<<<<<< device[sizeof(device) - 1] = '\0'; return (device); -=-=- The last free(buf) has filled "buf" with 0xd0 so "mp" points to the same area. If anyone has the address of the mailing list for libpcap, please send this patch. I won't commit it as it would get the file out of the vendor branch. Index: inet.c =================================================================== RCS file: /spare/FreeBSD-current/src/contrib/libpcap/inet.c,v retrieving revision 1.1.1.4 diff -u -2 -I.*$Id:.* -r1.1.1.4 inet.c --- inet.c 2000/01/30 00:32:41 1.1.1.4 +++ inet.c 2000/07/20 20:41:36 @@ -174,7 +174,7 @@ } } - free(buf); (void)close(fd); if (mp == NULL) { + free(buf); (void)strcpy(errbuf, "no suitable device found"); return (NULL); @@ -183,4 +183,5 @@ (void)strncpy(device, mp->ifr_name, sizeof(device) - 1); device[sizeof(device) - 1] = '\0'; + free(buf); return (device); } -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 5.0-CURRENT #80: Sun Jun 4 22:44:19 CEST 2000 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000720224505.A87492>