Date:      Thu, 20 Jan 2005 17:40:29 GMT
From:      Giorgos Keramidas <keramida@freebsd.org>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: bin/76497: tcpdump dumps core on ppp ipv6cp packets
Message-ID:  <200501201740.j0KHeT40045638@freefall.freebsd.org>

The following reply was made to PR bin/76497; it has been noted by GNATS.

From: Giorgos Keramidas <keramida@freebsd.org>
To: Janos Mohacsi <janos.mohacsi@bsd.hu>
Cc: bug-followup@freebsd.org, matthias.andree@web.de
Subject: Re: bin/76497: tcpdump dumps core on ppp ipv6cp packets
Date: Thu, 20 Jan 2005 19:36:54 +0200

 On 2005-01-20 19:29, Giorgos Keramidas <keramida@freebsd.org> wrote:
 > % (gdb) bt
 > % #0  0x00000000 in ?? ()
 > % #1  0x0806d194 in handle_ctrl_proto (proto=32855, pptr=0x8184018 "\001\001", length=14)
 > %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:447
 
 The following patch fixed the crash for me.  At line 444, pfunc is set
 to NULL for unknown types of packets, but it isn't checked against
 NULL at line 447, so an attempt to call a function at address NULL is
 made (this is shown as the address of the last function called in the
 stack trace above).
 
 %%%
 Index: print-ppp.c
 ===================================================================
 RCS file: /home/ncvs/src/contrib/tcpdump/print-ppp.c,v
 retrieving revision 1.13
 diff -u -r1.13 print-ppp.c
 --- print-ppp.c	31 Mar 2004 14:57:24 -0000	1.13
 +++ print-ppp.c	20 Jan 2005 17:31:33 -0000
 @@ -444,7 +444,7 @@
  				pfunc = NULL;
  				break;
  			}
 -			if ((j = (*pfunc)(tptr, len)) == 0)
 +			if (pfunc == NULL || (j = (*pfunc)(tptr, len)) == 0)
  				break;
  			x -= j;
  			tptr += j;
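 Review bot: The new test in `if (pfunc == NULL || (j = (*pfunc)(tptr, len)) == 0)` stops the call through a NULL pointer, but because the unknown-type case now shares the same `break` as the zero-length case, an unrecognised option silently ends option processing for the rest of the packet and nothing is printed to say why. Consider having the default case that sets `pfunc = NULL` instead install a handler that prints the type and length as unknown and returns the option length, so later options are still decoded and the NULL test becomes unnecessary; if the early exit is intended, a short comment on the `break` would help the next reader tell the two cases apart.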
 %%%
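As an added illustration of the NULL-dispatch bug this follow-up describes (example code, not tcpdump's print-ppp.c): a small C option walker built around the same pfunc lookup and the guard the patch adds, returning how many option bytes it consumed. The option codes, the two printers and the sample byte strings are constructed for the example and are not real IPv6CP values or captured traffic.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed option codes for this example, not tcpdump's real IPv6CP values. */
enum { OPT_IFID = 1, OPT_COMPRESS = 2 };
/* Per-option printer: returns bytes consumed, or 0 to stop on a malformed option. */
typedef int (*opt_printer)(const uint8_t *p, unsigned len);

static int print_ifid(const uint8_t *p, unsigned len)
{
    if (len != 10)                       /* type, length, 8-byte interface id */
        return 0;
    printf(" ifid=%02x%02x..", p[2], p[3]);
    return (int)len;
}
static int print_compress(const uint8_t *p, unsigned len)
{
    if (len < 4)
        return 0;
    printf(" compress=%u", (unsigned)((p[2] << 8) | p[3]));
    return (int)len;
}

/* Walk a type/length/value option list the way the patched loop in
 * handle_ctrl_proto() does: pick a printer by type, and on an unknown type
 * (pfunc == NULL) stop instead of calling through address 0. Returns bytes consumed. */
int parse_ctrl_options(const uint8_t *tptr, unsigned x)
{
    unsigned consumed = 0;
    while (x >= 2) {                     /* need at least type + length */
        unsigned len = tptr[1];
        opt_printer pfunc;
        int j;
        if (len < 2 || len > x)          /* bogus length: refuse to run past the buffer */
            break;
        switch (tptr[0]) {
        case OPT_IFID:     pfunc = print_ifid;     break;
        case OPT_COMPRESS: pfunc = print_compress; break;
        default:           pfunc = NULL;           break;   /* unknown type, as at line 444 */
        }
        if (pfunc == NULL || (j = (*pfunc)(tptr, len)) == 0)  /* the guard the patch adds */
            break;
        x -= j; tptr += j; consumed += j;
    }
    return (int)consumed;
}

/* Constructed sample option lists (not captured traffic). */
const uint8_t sample_known[] = { OPT_IFID, 10, 0,1,2,3,4,5,6,7, OPT_COMPRESS, 4, 0, 1 };
const uint8_t sample_unknown_mid[] = { OPT_COMPRESS, 4, 0, 1, 9, 4, 0, 0, OPT_COMPRESS, 4, 0, 2 };
```

With the unpatched `(*pfunc)(tptr, len)` the second sample would jump to address 0 at the unknown type 9, which is the `#0 0x00000000 in ?? ()` frame in the backtrace; with the guard it returns after the first option.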