Re: Surface pro 3 debug build

[Daniel Miller <bonsaiviking () gmail com>]

Peter,

Thanks so much! This is really helpful information. Unfortunately, it still
looks like this ends up making Nmap unusable on this platform, since we
just traded a crash (worst) for a fatal error (still bad). Can you see,
while you debug, whether the pcap_if_t structures (pcapdevs and p_ifaces)
have any valid content in them after pcap_findalldevs returns with error
status? In other words, can we treat this error as a warning ("Can't
enumerate all interfaces" or something) and still make do with the
interfaces that *are* supported? It's a long shot, but might be worthwhile
to check.

Dan

On Thu, Feb 12, 2015 at 4:26 AM, Peter Malecka <peter.malecka () me com> wrote:

> Daniel,
>
>
>
> I poked around wpcap source, compiled it from soruce and debugged some
> more.
>
>
>
> I found a possible issue there. When those wpcap functions are called,
> they sometimes have the errbuf argument set to null. The documentation does
> not state that the argument can be null.
> http://www.tcpdump.org/manpages/pcap_findalldevs.3pcap.html
>
>
>
> I tried fixing this issue for the --iflist command, and succeeded. I had
> to fix it in these 2 places:
>
>
>
> intf-win32.c
>
> char errbuf[PCAP_ERRBUF_SIZE];
>
>
>
>        if (pcap_findalldevs(&pcapdevs, errbuf) == -1) {
>
>               intf_close(intf);
>
>               return (-1);
>
>        }
>
>
>
> tcpip.cc
>
> char errbuf[PCAP_ERRBUF_SIZE];
>
>
>
>   if ((pcap_findalldevs(&p_ifaces, errbuf)) == -1) {
>
>     fatal("pcap_findalldevs() : Cannot retrieve pcap interfaces");
>
>     return NULL;
>
>   }
>
>
>
> Note the new errbuf variable and how it is used in the pcap_findalldevs
> function instead of a null argument. There might be more places where this
> causes issues.
>
>
>
> On a sidenote: it was failing on the Microsoft Wifi direct virtual
> adapter. See attached the callstack from winpcap debug (crash on strncpy to
> an empty errbuf).
>
>
>
> Hope it helps.
>
>
>
> Peter
>
>
>
> *From:* Daniel Miller [mailto:bonsaiviking () gmail com]
> *Sent:* Thursday, February 5, 2015 11:17 PM
> *To:* Peter Malecka
>
> *Subject:* Re: Surface pro 3 debug build
>
>
>
> Peter,
>
> Thank you so much! I will see what I can do from here.
>
> Dan
>
>
>
> On Thu, Feb 5, 2015 at 3:27 PM, Peter Malecka <peter.malecka () me com>
> wrote:
>
> Hi Dan,
>
>
>
> I followed your instructions and ran the debugger in vs2013 (nmap
> --iflist).
>
>
>
> Please find attached all the output I could generate now.
>
>
>
> In the callstack.txt, there is the line and details of the wpcap call that
> failed (pcap_findalldevs(&p_ifaces, NULL)), the rest is wpcap debug
> output. I cannot see any deeper without the wpcap pdb.
>
>
>
> Hope it helps,
>
>
>
> Peter
>
>
>
> *From:* Daniel Miller [mailto:bonsaiviking () gmail com]
> *Sent:* Thursday, February 5, 2015 6:02 PM
> *To:* Peter Malecka
> *Cc:* dmiller () nmap org
> *Subject:* Re: Surface pro 3 debug build
>
>
>
> Peter,
>
> Thanks for offering to help. I've gotten several offers, but no follow-up.
> We really need a backtrace of the actual call that fails. Anything you can
> provide beyond that would be great, too. You can get the debug package
> here: <snip>
>
>
>
> There are bug reporting instructions on WinPcap's web site which will
> probably help to create better debug output:
> http://www.winpcap.org/bugs.htm
>
> Thanks!
> Dan
>
>
>
> On Thu, Feb 5, 2015 at 6:38 AM, Peter Malecka <peter.malecka () me com>
> wrote:
>
> Hi Dan,
>
>
>
> While looking at this issue on github (
> https://github.com/nmap/nmap/issues/15 ), I found that you might be
> looking for people to help you debug new builds.
>
>
>
> Let me know if I can help.
>
>
>
> Best,
>
>
>
> Peter
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/