[isf-wifidog] seg fault

acv acv at miniguru.ca
Mon Jul 28 17:20:21 EDT 2008


I've reproduced the bug on Ubuntu 7.10 x86_64. The fix is trivial,
util.c must include <arpa/inet.h>. Right now this only happens if
__NetBSD__ is defined.

I've tested on Red Hat 7.3 (as a suitable substitute for an antique
Linux platform and as an i386 32-bit platform) and there it works
regardless of whether <arpa/inet.h> is included, although the man
page says it's required.

I don't have a 32-bit Ubuntu 7.10 to test whether 32-bit Linux as
a whole is exempt from including that file. I'll commit the include
to the SVN later today when I get home (hopefully I'll remember my
password.) If someone else wants to check it in, go ahead.

Temporary fix:

In src/util.c, cut line 45 (#include <arpa/inet.h>) and paste it
above line 44 (#if defined(__NetBSD__)).

Cheers,

Alex

On Mon, Jul 28, 2008 at 04:57:28PM -0400, acv wrote:
> Date: Mon, 28 Jul 2008 16:57:28 -0400
> From: acv <acv at miniguru.ca>
> To: WiFiDog Captive Portal <wifidog at listes.ilesansfil.org>
> Mail-Followup-To: WiFiDog Captive Portal <wifidog at listes.ilesansfil.org>
> Subject: Re: [isf-wifidog] seg fault
> 
> On the surface, it looks like the bug is caused by inet_ntoa() not returning
> a null-terminated string; that's why strlen() segfaults: it goes beyond the
> end of the string. This could either be caused by inet_ntoa() failing or
> the ioctl() call failing or even the memcpy() bit just below.
> 
> Code snippet (lines 176-185 from src/util.c):
> 
> 176        if (ioctl (sockd, SIOCGIFADDR, &if_data) < 0) {
> 177                debug(LOG_ERR, "ioctl(): SIOCGIFADDR %s", strerror(errno));
> 178                return NULL;
> 179        }
> 180        memcpy ((void *) &ip, (void *) &if_data.ifr_addr.sa_data + 2, 4);
> 181        in.s_addr = ip;
> 182
> 183        ip_str = (char *)inet_ntoa(in);
> 184        close(sockd);
> 185        return safe_strdup(ip_str);
> 
> 	ioctl() errors are checked. Either the memcpy() call or its
> pointer arithmetic is off? sa_data in a sockaddr_in struct starts
> with a 16-bit value so the math looks OK. This stumps me right now,
> what's the distro? Ubuntu 7.10?
> 
> Alex
> 
> On Mon, Jul 28, 2008 at 04:15:08PM -0400, Clifford Thurber wrote:
> > Date: Mon, 28 Jul 2008 16:15:08 -0400
> > From: "Clifford Thurber" <clifford at hdn.net>
> > To: "WiFiDog Captive Portal" <wifidog at listes.ilesansfil.org>
> > Subject: Re: [isf-wifidog] seg fault
> > 
> > [root@wifidog src]# ifconfig eth1
> > eth1      Link encap:Ethernet  HWaddr 00:18:8B:2E:B1:A5
> >           inet addr:216.193.211.3  Bcast:216.193.211.255  Mask:255.255.255.0
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:194391 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:84 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:12474968 (11.8 MiB)  TX bytes:16381 (15.9 KiB)
> >           Interrupt:16 Memory:f8000000-f8012100
> > 
> > On Mon, Jul 28, 2008 at 4:11 PM, acv <acv at miniguru.ca> wrote:
> > 
> > > On Mon, Jul 28, 2008 at 03:43:14PM -0400, Clifford Thurber wrote:
> > > >
> > > > Program received signal SIGSEGV, Segmentation fault.
> > > > 0x0000003ea6280eb0 in strlen () from /lib64/libc.so.6
> > > > Missing separate debuginfos, use: debuginfo-install glibc.x86_64
> > > > (gdb) bt
> > > > #0  0x0000003ea6280eb0 in strlen () from /lib64/libc.so.6
> > > > #1  0x0000003ea6280be6 in strdup () from /lib64/libc.so.6
> > > > #2  0x000000000040bfdc in safe_strdup ()
> > > > #3  0x0000000000409c64 in get_iface_ip ()
> > > > #4  0x000000000040720b in main_loop ()
> > > > #5  0x00000000004078a2 in main ()
> > > > (gdb) exit
> > >
> > >         This is very strange. What's the output of ifconfig for that
> > > interface?
> > >
> > > Alex
> > >
> > > _______________________________________________
> > > WiFiDog mailing list
> > > WiFiDog at listes.ilesansfil.org
> > > http://listes.ilesansfil.org/cgi-bin/mailman/listinfo/wifidog
> > >
> 
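Added example, not part of the original thread or the WiFiDog source: when inet_ntoa() is called with no prototype in scope, older C compilers assume it returns int, so on x86_64 the char * is cut to 32 bits and sign-extended by the cast on line 183, while on i386 int and pointer have the same width and nothing is lost. The helper names and the sample addresses in the checks are constructed; 216.193.211.3 is the eth1 address from the ifconfig output above.

```c
/* Added illustration; helper names and sample addresses are constructed. */
#include <arpa/inet.h>   /* declares inet_ntoa(); the include the post moves */
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Value a caller ends up with when inet_ntoa() has no prototype in scope:
 * the result is read as a 32-bit int, then the (char *) cast widens it
 * back to pointer size with sign extension. ptr_bytes is sizeof(char *). */
uint64_t seen_without_prototype(uint64_t real_ptr, size_t ptr_bytes)
{
    uint32_t low = (uint32_t)real_ptr;      /* upper 32 bits are dropped */
    uint64_t widened = low;
    if (ptr_bytes <= sizeof(int32_t))
        return real_ptr;                    /* i386: int and pointer both 32 bits */
    if (low & 0x80000000u)
        widened |= 0xffffffff00000000ULL;   /* negative int is sign-extended */
    return widened;
}

/* With the prototype visible the returned char * is intact and NUL-terminated. */
int format_ipv4(const char *dotted, char *out, size_t outlen)
{
    struct in_addr in;
    const char *s;
    if (inet_pton(AF_INET, dotted, &in) != 1)
        return -1;
    s = inet_ntoa(in);                      /* static buffer owned by libc */
    if (strlen(s) >= outlen)
        return -1;
    strcpy(out, s);
    return 0;
}

int main(void)
{
    char buf[INET_ADDRSTRLEN];
    struct in_addr in = { 0 };
    uint64_t real = (uint64_t)(uintptr_t)inet_ntoa(in);
    uint64_t seen = seen_without_prototype(real, sizeof(char *));

    if (format_ipv4("216.193.211.3", buf, sizeof buf) == 0)
        printf("with prototype:    %s\n", buf);
    printf("real pointer:      0x%016llx\n", (unsigned long long)real);
    printf("without prototype: 0x%016llx%s\n", (unsigned long long)seen,
           seen == real ? "" : "  (not the buffer strlen() was meant to read)");
    return 0;
}
```

Building the affected file with -Wall, or with -Werror=implicit-function-declaration, surfaces a missing prototype like this one at compile time.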