In the unlikely event that a NULL device is passed to the
priv_pcap_live() function, it will just set the error buffer and
continue, causing a segfault.

The diff below fixes this bug by ensuring that the function returns
NULL in this situation.

Comments/OK?

Lawrence


Index: privsep_pcap.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/privsep_pcap.c,v
retrieving revision 1.16
diff -u -p -r1.16 privsep_pcap.c
--- privsep_pcap.c      21 Sep 2010 04:08:12 -0000      1.16
+++ privsep_pcap.c      6 Nov 2012 04:20:55 -0000
@@ -234,8 +234,10 @@ priv_pcap_live(const char *dev, int slen
        if (priv_fd < 0)
                errx(1, "%s: called from privileged portion", __func__);
 
-       if (dev == NULL)
+       if (dev == NULL) {
                snprintf(ebuf, PCAP_ERRBUF_SIZE, "No interface specified");
+               return (NULL);
+       }
 
        p = (pcap_t *)malloc(sizeof(*p));
        if (p == NULL) {
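Review bot: In the `dev == NULL` branch the message written to `ebuf` is a fixed string with no conversions, so `strlcpy(ebuf, "No interface specified", PCAP_ERRBUF_SIZE);` would state the intent more directly than `snprintf`. The new `return (NULL);` sits before the `malloc` of `p`, so nothing needs freeing on this path; since the hunk cuts off before the body of the `p == NULL` branch, it is worth confirming that branch reports failure the same way (message in `ebuf`, then a NULL return) so both early exits look alike to the caller.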
