bin/76497: tcpdump dumps core on ppp ipv6cp packets
Giorgos Keramidas
keramida at freebsd.org
Thu Jan 20 09:40:29 PST 2005
The following reply was made to PR bin/76497; it has been noted by GNATS.
From: Giorgos Keramidas <keramida at freebsd.org>
To: Janos Mohacsi <janos.mohacsi at bsd.hu>
Cc: bug-followup at freebsd.org, matthias.andree at web.de
Subject: Re: bin/76497: tcpdump dumps core on ppp ipv6cp packets
Date: Thu, 20 Jan 2005 19:36:54 +0200
On 2005-01-20 19:29, Giorgos Keramidas <keramida at freebsd.org> wrote:
> % (gdb) bt
> % #0 0x00000000 in ?? ()
> % #1 0x0806d194 in handle_ctrl_proto (proto=32855, pptr=0x8184018 "\001\001", length=14)
> % at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:447
The following patch fixed the crash for me. At line 444, pfunc is set
to NULL for unknown types of packets, but it isn't checked against
NULL at line 447, so an attempt to call a function at address NULL is
made (this is shown as the address of the last function called in the
stack trace above).
%%%
Index: print-ppp.c
===================================================================
RCS file: /home/ncvs/src/contrib/tcpdump/print-ppp.c,v
retrieving revision 1.13
diff -u -r1.13 print-ppp.c
--- print-ppp.c 31 Mar 2004 14:57:24 -0000 1.13
+++ print-ppp.c 20 Jan 2005 17:31:33 -0000
@@ -444,7 +444,7 @@
pfunc = NULL;
break;
}
- if ((j = (*pfunc)(tptr, len)) == 0)
+ if (pfunc == NULL || (j = (*pfunc)(tptr, len)) == 0)
break;
x -= j;
tptr += j;
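Review bot: the `pfunc == NULL` guard is correct and short-circuits before the indirect call, but the `break` it shares with the `j == 0` case ends the loop silently, so any options that follow an unknown one in the same packet are never printed and nothing in the output says why. Consider printing an "unknown option type" marker before the `break`, and, since `len` is already available at that point, advancing `tptr`/`x` past the unknown option and continuing instead of stopping, so a single unrecognised option does not hide the rest of the packet.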
%%%
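The pattern behind the crash is a dispatch table that maps an option type to a handler and stores NULL for unknown types, followed by an unconditional call through that pointer. The program below is an added example written for this page, not tcpdump's print-ppp.c: it parses a constructed type/length/value option list with a handler lookup like the PR's `pfunc`, checks the pointer before calling through it, and (going one step beyond the patch, which simply breaks) uses the option's own length byte to skip unknown options so the remaining ones are still printed. The option types, the TLV layout and the sample bytes are all assumptions made for the example.

```c
/* Added example (not tcpdump code): option dispatch with a NULL-handler check.
 * Assumed layout per option: type (1 byte), len (1 byte, includes header),
 * value (len - 2 bytes). Unknown types have no handler, as in the PR. */
#include <stdio.h>
#include <stdlib.h>

typedef int (*opt_printer)(const unsigned char *p, int len);

/* Hypothetical option types chosen for this example */
enum { OPT_MRU = 1, OPT_MAGIC = 5 };

/* Each handler returns the number of bytes consumed, or 0 on a bad option */
static int print_mru(const unsigned char *p, int len) {
    if (len != 4) return 0;
    printf("MRU %u\n", (unsigned)((p[2] << 8) | p[3]));
    return len;
}

static int print_magic(const unsigned char *p, int len) {
    if (len != 6) return 0;
    printf("Magic 0x%02x%02x%02x%02x\n", p[2], p[3], p[4], p[5]);
    return len;
}

/* Returns NULL for unknown types, exactly the situation that crashed tcpdump */
static opt_printer lookup(unsigned type) {
    switch (type) {
    case OPT_MRU:   return print_mru;
    case OPT_MAGIC: return print_magic;
    default:        return NULL;
    }
}

/* Walks the option list; returns the number of known options printed,
 * or -1 if a length field is inconsistent with the remaining bytes. */
int parse_options(const unsigned char *tptr, int x) {
    int count = 0;
    while (x >= 2) {
        unsigned type = tptr[0];
        int len = tptr[1];
        if (len < 2 || len > x)
            return -1;                      /* malformed length: stop, do not read past the buffer */
        opt_printer pfunc = lookup(type);
        if (pfunc == NULL) {
            /* The check the patch adds: never call through a NULL pointer.
             * Unlike the patch's bare break, skip the option by its length. */
            printf("unknown option type %u (len %d), skipped\n", type, len);
            x -= len;
            tptr += len;
            continue;
        }
        int j = pfunc(tptr, len);
        if (j == 0)
            break;                          /* handler rejected the option */
        x -= j;
        tptr += j;
        count++;
    }
    return count;
}

int main(void) {
    /* Constructed sample: MRU 1500, an unknown type 9 option, then a magic number */
    const unsigned char sample[] = { 1, 4, 0x05, 0xdc,
                                     9, 3, 0xff,
                                     5, 6, 0xde, 0xad, 0xbe, 0xef };
    int n = parse_options(sample, (int)sizeof sample);
    printf("%d known options printed\n", n);
    return n == 2 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Without the `pfunc == NULL` test, the unknown type 9 option would call address 0, which is the `#0 0x00000000 in ?? ()` frame in the backtrace above; with it, the parser reports the option and carries on to the magic number.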