Libpcap workers,

My copy of tcpdump is seg faulting whenever I use any packet filter expression command line argument. Any simple filter, like:

    tcpdump host foo

or

    tcpdump port 23

It crashes even if I use the no optimize -O flag.

Some version background: I am using tcpdump version 3.8.3, with libpcap 0.8.3. This has worked for me on various versions of Solaris, AIX, and Linux, but crashes when I use it in Fedora Linux version 2.6.13-1.1532_FC4smp.

What seems to be happening: In the libpcap module, there are several places in optimize.c where JT(b) is tested for trueness, then JT(b) and JF(b) are referenced. For example, in the middle of the find_dom function:

    if (JT(b) == 0)
        continue;
    SET_INTERSECT(JT(b)->dom, b->dom, nodewords);
    SET_INTERSECT(JF(b)->dom, b->dom, nodewords);

If JT(b) == 0, the continue prevents both calls to SET_INTERSECT. But if JT(b) is true, both JT(b) and JF(b) are referenced. What if JT(b) is true, and JF(b) is null? This is what is happening in my case, and the JF(b)->dom reference is of course crashing.

I found this same kind of test in convert_code_r and find_levels_r functions. I assume it is in many other places.

Was it assumed that if JT(x) is true, then so should JF(x)? Is it legal to assume this? Should JF(x) always be true if JT(x) is true?

I would appreciate any advice you might have.

-Richard Stefanich
Professional Computing Resources
Kentwood MI
[EMAIL PROTECTED]

--
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
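A debugging check for the condition described in the message above, added here as an example and not part of the original post or of libpcap: it walks a block graph and counts blocks where only one of JT(b)/JF(b) is set. The struct layout is a simplified stand-in, and count_half_linked and check_sample are hypothetical names with a constructed sample graph.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified stand-ins for libpcap's block graph (assumption: only the
 * fields needed here; the real struct block carries much more). */
struct block;
struct edge { struct block *succ; };
struct block {
    int id;
    struct edge et;   /* true branch  */
    struct edge ef;   /* false branch */
    int visited;
};

#define JT(b) ((b)->et.succ)
#define JF(b) ((b)->ef.succ)

/* Hypothetical debugging helper: walk the graph from b and count blocks
 * where exactly one of JT/JF is set, which is the shape that makes
 * JF(b)->dom fault after only JT(b) was tested. */
static int count_half_linked(struct block *b)
{
    int bad;
    if (b == NULL || b->visited)
        return 0;
    b->visited = 1;
    bad = ((JT(b) == NULL) != (JF(b) == NULL));
    if (bad)
        fprintf(stderr, "block %d: JT=%p JF=%p\n", b->id, (void *)JT(b), (void *)JF(b));
    return bad + count_half_linked(JT(b)) + count_half_linked(JF(b));
}

/* Constructed sample graph: root branches to two leaves; when `broken` is
 * nonzero the root's false edge is left NULL. */
static int check_sample(int broken)
{
    struct block leaf_t = { 1, { NULL }, { NULL }, 0 };
    struct block leaf_f = { 2, { NULL }, { NULL }, 0 };
    struct block root   = { 0, { &leaf_t }, { NULL }, 0 };
    if (!broken)
        JF(&root) = &leaf_f;
    return count_half_linked(&root);
}

int main(void)
{
    printf("well-formed: %d, half-linked: %d\n", check_sample(0), check_sample(1));
    return 0;
}
```

Running a walker like this on the root block before the optimizer passes would show whether the graph already arrives with a half-linked block or whether a later pass produces it.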