getservbyname(name, (char *)0) - libc6, tcpdump and libpcap bug
After noticing tcpdump barfing on 'port xxxx' options, I started a
game of hunt the wumpus^H^H^H^H^Hbug.

I have tracked it down to this line, line 123 of nametoaddr.c in libpcap:

        sp = getservbyname(name, (char *)0);

The second option should be the proto, according to my man pages.
According to the IRIX man page on another box here at work, it can
also be NULL, to not match a specific protocol.  Stevens (U.N.P.) also
states that it can be NULL.

The code did not cause problems before yesterday's upgrade of libc6.
In fact, to test my theory, I ran this program before and after the
libc6 upgrade on a hamm machine at work:

#include <stdio.h>
#include <stdlib.h>
#include <netdb.h>

int main ()
{
  char name[] = "nntp";
  struct servent *sp;
  sp = getservbyname(name, (char *)0);  /* NULL proto: this call (gsbn.c:9 in the backtrace) faults after the upgrade */
  if (sp == NULL) {
    printf("no services entry for %s\n", name);
    return 1;
  }
  /* s_port is in network byte order (30464 == htons(119)); s_proto is a string, so print it with %s */
  printf("name = %s, port = %d, proto = %s\n",
         sp->s_name, sp->s_port, sp->s_proto);
  return 0;
}

Before:
@ecglaf [~/c] $ ./gsbn 
name = nntp, port = 30464, proto = 134518418

After:
@ecglaf [~/c] $ ./gsbn 
Segmentation fault (core dumped)

It also dumps if I replace (char *)0 with NULL or just 0.

Here is the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x400b2aff in _nss_db_getservbyname_r ()
(gdb) bt
#0  0x400b2aff in _nss_db_getservbyname_r ()
#1  0x40087ce6 in getservbyname_r ()
#2  0x40087b62 in getservbyname ()
#3  0x80484f6 in main () at gsbn.c:9

So.. is this a libc6 bug, then?  It seems like it.

-- 
David Welton                          http://www.efn.org/~davidw 

	Debian GNU/Linux - www.debian.org
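As an added illustration (not the post's program, nor libc's or libpcap's code), here is a small lookup over a constructed services table that implements the matching rule the man pages describe for the second argument: an explicit protocol restricts the match, and NULL accepts any protocol, which is what a correct getservbyname(name, NULL) does instead of faulting. The table and the lookup_port name are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /etc/services format: name port/proto [aliases]. */
static const char *SERVICES =
    "# constructed sample, not a real services file\n"
    "domain     53/tcp\n"
    "domain     53/udp\n"
    "nntp      119/tcp   readnews untp\n"
    "snmp      161/udp\n";

/* Port (host byte order) of the first entry whose name or alias equals
 * `name`, or -1. A NULL `proto` matches any protocol, as the man pages
 * promise for getservbyname(name, NULL). */
int lookup_port(const char *name, const char *proto)
{
    const char *p = SERVICES;
    char line[128];
    while (*p) {
        size_t n = strcspn(p, "\n");                 /* one line at a time */
        if (n >= sizeof line) n = sizeof line - 1;   /* truncate long lines */
        memcpy(line, p, n);
        line[n] = '\0';
        p += n + (p[n] == '\n');
        char *hash = strchr(line, '#');
        if (hash) *hash = '\0';                      /* drop comments */
        char *svc = strtok(line, " \t");
        char *portproto = svc ? strtok(NULL, " \t") : NULL;
        char *slash = portproto ? strchr(portproto, '/') : NULL;
        if (!slash) continue;                        /* blank or malformed */
        *slash = '\0';
        if (proto && strcmp(slash + 1, proto) != 0)
            continue;                                /* protocol mismatch */
        int match = strcmp(svc, name) == 0;          /* name, then aliases */
        char *alias;
        while (!match && (alias = strtok(NULL, " \t")) != NULL)
            match = strcmp(alias, name) == 0;
        if (match) return atoi(portproto);
    }
    return -1;
}

int main(void)
{
    printf("nntp/any=%d domain/udp=%d snmp/tcp=%d\n", lookup_port("nntp", NULL),
           lookup_port("domain", "udp"), lookup_port("snmp", "tcp"));
    return 0;
}
```

A caller that gets -1 here (or NULL from the real getservbyname) must treat the name as unknown rather than dereference the result, which is the check the post's test program also needs.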
