Torsten Landschoff wrote:
>
> On Mon, Mar 19, 2001 at 02:05:34PM +0300, Michael Tokarev wrote:
> > > Do you have more data on this crash? There is a known bug which causes
> > > libpcap to crash on Linux systems if you specify a local address.
> >
> > I did some investigations -- yes, machine in question is the only one
> > that has /etc/ethers file with one line in it. If I remove this file,
> > tcpdump works fine. I looked to source -- it crashes in libc's nss
> > stuff trying to resolve all-ones ethernet address. This looks like
> > glibc bug/issue, tcpdump's side is ok.
>
> In that case it is another bug. Can you instruct me how to reproduce it?
Strange enouth - my answer to this (about a week ago) isn't here
(I posted (or at least hope did so) detailed explanation here.
This is a bug in glibc (I used 2.2), and corrected in 2.2.2 version.
In glibc's inet/ether_ntoh.c there was missing &errno argument to call
to (*fct)() routine (a pointer to nss routine), around line 69:
status = (*fct) (addr, ðerent, buffer, sizeof buffer, &errno);
(last &errno was missing in 2.2, and actual files_ether... routine
tried to set errno to NOENT using uninitialized pointer).
This can be trivially reproduced on 2.2 by just creating empty
/etc/ethers file (in this case nss lookup will be initialized
and tried, thus exploiting this bug).
Regards,
Michael.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
