tcpdump mailing list archives

Re: Libpcap - pcapfindalldevs

From: Johan Mazel <johan.mazel () gmail com>
Date: Sat, 5 Sep 2009 15:57:19 +0200

Ok.
Thanks a lot for the explanation.
Regards.
Johan Mazel

2009/9/4 Guy Harris <guy () alum mit edu>


On Sep 4, 2009, at 8:45 AM, Johan Mazel wrote:

 I wrote a short piece of code in C to show the problem.


My code is the following one:
*#include <stdio.h>
#include <pcap.h>

int main(){
  struct pcap_if * found_devices;
  int result;
  char * errbuf;
  printf("Scanning\n");
  result = pcap_findalldevs(&found_devices, errbuf);


That's not valid.

Routines such as pcap_open_live() and pcap_findalldevs() take a "char
*errbuf" argument.

That does *not* mean that you can pass it a random uninitialized "char *"
variable to it and expect it to work; said random uninitialized variable
could well point outside the address space of the process - it could, for
example, have all its bits zero, and most OSes leave the first page (and
perhaps more pages) out of the address space, so that attempts to
dereference null pointers will probably cause a crash rather than causing
random unpredictable behavior (most C implementations represent a null
pointer as a pointer with all its bits zero - and, no, the C standard
doesn't require that).

Furthermore, it also doesn't mean that you need to pass it a "char *"
variable; what you need to pass it is an expression whose type is "char *".

If you did

       char errbuf[PCAP_ERRBUF_SIZE];
       printf("Scanning\n");
       result = pcap_findalldevs(&found_devices, errbuf);

that should work - in most contexts in C, a reference to an array of type T
is converted to a value of "pointer to type T" that points to the first
member of the array (no, pointers and arrays are not the same thing in C).

 If this is a bug in Libpcap,


It's not - it's a bug in your program.  Change

       char * errbuf;

to

       char errbuf[PCAP_ERRBUF_SIZE];

in your program.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

Re: Libpcap - pcapfindalldevs Johan Mazel (Sep 07)
- Re: Libpcap - pcapfindalldevs Johan Mazel (Sep 07)
- Re: Libpcap - pcapfindalldevs Guy Harris (Sep 07)
  - Re: Libpcap - pcapfindalldevs Johan Mazel (Sep 07)