Reputation: 91
pcap_next() returns address to inaccessible memory area
I'm programming an ARP-Sniffer and the next runtime error occures:
The pcap_next() function returns a pointer to an address space, which is not accessible causing the Segmentation Fault Error during the runtime only in some cases. Here is the code:
void function_arp(){
(...)
const unsigned char *frameRcv = NULL;
unsigned int byteNr = 0;
struct ether_arp *arpPack = NULL;
while (true) {
// check on waiting time
gettimeofday(¤tWaitTime, NULL);
struct timeval diff = timediff(beginWaitTime, currentWaitTime);
if (diff.tv_sec > 5) // wait for up to 5 seconds
{
fprintf(stderr, "Reading timed out\n");
break;
}
// Receiving Frame
byteNr = receiveRawFrame(handle, &frameRcv);
if(frameRcv == 0x0)
continue;
//when reading *frameRcv, the Segmentation fault occurs sometimes
fprintf(stdout, "%x - ", *frameRcv);
(...)
//The receiving of frames will be timed out after 4 sec
}
The code of the function receiveRawFrame():
unsigned int
receiveRawFrame(struct capture_info handle, const unsigned char** receivedFrame)
{
*receivedFrame = NULL;
// try reading frames
const unsigned char* frame;
struct pcap_pkthdr pcapinfo;
frame = pcap_next(handle.pcapHandle, &pcapinfo);
*receivedFrame = frame;
return pcapinfo.caplen;
}
Some Notes: The Program will recieve as parameter the IP and send an ARP-Request for that IP expecting the reply afterwards. The Segmentation Fault occurs only when the IP is not in the local network. Normaly the program should time out in this case. For the same input (an IP outwards the local network) the Segmentation Fault occurs sometimes, sometimes not...
I suppose something unexpected occurs when calling the function pcap_next several times in a while loop.
The OS: Debian 3.2.57-3 x86_64 (64 Bit)
Pcap version: 1.15
GDB is offering the next output:
Program received signal SIGSEGV, Segmentation fault.
0x0000000000401b29 in function_arp () at src/arp_impl.c:120
120 fprintf(stdout, "%x - ", *frameRcv);
Upvotes: 0
Views: 545
Answers (1)
Reputation: 7698
Check the result from pcap_next. The frame and info should only be be accessed if the result is non-zero.
Upvotes: 2
Related Questions
- Packet Sniffing with pcap Segmentation Fault
- read from a PCap file and print out IP addresses and port numbers in c, but my result seem wrong
- Issue in pcap_set_buffer_size()
- Why is the third parameter to pcap_next_ex an incompatible pointer type?
- pcap_next return NULL
- Pointer to ICMPHeader
- pcap_next_ex() cannot be used again if it reaches the end of a pcap file
- pcap_next call fills in pcap_pkthdr with len equal to zero
- Compiler warning in last argument of pcap_loop. Pointing to integer of different size
- C pointers and memory (PCAP & Packet handling)