In the unlikely event that a NULL device is passed to the priv_pcap_live() function, it will just set the error buffer and continue, causing a segfault.
The diff below fixes this bug by ensuring that the function returns NULL in this situation. Comments/OK? Lawrence Index: privsep_pcap.c =================================================================== RCS file: /cvs/src/usr.sbin/tcpdump/privsep_pcap.c,v retrieving revision 1.16 diff -u -p -r1.16 privsep_pcap.c --- privsep_pcap.c 21 Sep 2010 04:08:12 -0000 1.16 +++ privsep_pcap.c 6 Nov 2012 04:20:55 -0000 @@ -234,8 +234,10 @@ priv_pcap_live(const char *dev, int slen if (priv_fd < 0) errx(1, "%s: called from privileged portion", __func__); - if (dev == NULL) + if (dev == NULL) { snprintf(ebuf, PCAP_ERRBUF_SIZE, "No interface specified"); + return (NULL); + } p = (pcap_t *)malloc(sizeof(*p)); if (p == NULL) {
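Review bot: the new `return (NULL);` in the `dev == NULL` branch only helps if callers of priv_pcap_live() check for a NULL result and report ebuf instead of using the returned pointer; the callers are not part of this diff, so that is worth confirming before commit. The same branch writes to ebuf with snprintf unconditionally, so it also assumes ebuf is never NULL, which the visible lines do not check. The placement itself is good: the early return comes after the priv_fd check and before `p = (pcap_t *)malloc(sizeof(*p));`, so nothing has been allocated that would need freeing on this path.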