Segmentation fault in libnet_ifaddrlist #149

@aroulin

Hi,

We saw a segmentation fault with libnet 1.1.6 from Debian repositories. I believe the issue is still there and relates to MAX_IPADDR being only 512. We have a little more than 1000 interfaces.

i.e., the following structure is fully filled and the while/for loop in the function doesn't seem to check if we are overflowing the structure:

https://github.com/libnet/libnet/blob/v1.1.6/libnet/src/libnet_if_addr.c#L118

I didn't look fully at the loop, so I could be wrong.

[New LWP 8652]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `arping -U -c 1 -w 1 45.0.0.2'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  libnet_ifaddrlist (ipaddrp=ipaddrp@entry=0x7ffc2c080da8, dev=dev@entry=0x0, errbuf=errbuf@entry=0x7ffc2c080db0 "") at libnet_if_addr.c:237
237	libnet_if_addr.c: No such file or directory.
(gdb) bt
#0  libnet_ifaddrlist (ipaddrp=ipaddrp@entry=0x7ffc2c080da8, dev=dev@entry=0x0, errbuf=errbuf@entry=0x7ffc2c080db0 "") at libnet_if_addr.c:237
#1  0x00007f7061315f92 in libnet_select_device (l=l@entry=0x55940308e260) at libnet_if_addr.c:367
#2  0x00007f70613163b8 in libnet_init (injection_type=0, device=0x0, err_buf=0x7ffc2c080f30 "") at libnet_init.c:82
#3  0x0000559401f14afb in ?? ()
#4  0x0000559401f15361 in ?? ()
#5  0x00007f7060fc609b in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x0000559401f1353a in ?? ()
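
The kind of bounds check the report says is missing, as an added C example that is not part of the original post and is not libnet's code: a fill loop over a fixed `MAX_IPADDR`-entry table that returns an error instead of writing past the last slot. The `if_entry` record, `fill_table_checked`, `run_sample`, the skip rule and the sample data are hypothetical; only the 512 limit comes from the issue.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_IPADDR 512               /* table size quoted in the issue */

struct if_entry {                    /* hypothetical record, not libnet's type */
    char     name[16];
    uint32_t addr;
};

static struct if_entry table[MAX_IPADDR];   /* fixed-size destination */
/* Copy configured entries into the fixed table. Returns the number stored,
 * or -1 with errbuf filled in when the source does not fit. */
int fill_table_checked(const struct if_entry *src, size_t nsrc, char *errbuf, size_t errlen)
{
    size_t n = 0;                    /* write index; can lag behind i */
    for (size_t i = 0; i < nsrc; i++) {
        if (src[i].addr == 0) continue;   /* assumption: skip unconfigured entries */
        if (n >= MAX_IPADDR) {       /* check the write index before every store */
            snprintf(errbuf, errlen, "more than %d addresses", MAX_IPADDR);
            return -1;
        }
        table[n] = src[i];
        n++;
    }
    return (int)n;
}

/* Constructed input: n fake interfaces "if0".."if<n-1>" with nonzero addresses. */
static struct if_entry sample[1100];

int run_sample(size_t n, char *errbuf, size_t errlen)
{
    if (n > sizeof sample / sizeof sample[0]) return -2;   /* sample buffer too small */
    for (size_t i = 0; i < n; i++) {
        snprintf(sample[i].name, sizeof sample[i].name, "if%zu", i);
        sample[i].addr = 0x0a000001u + (uint32_t)i;
    }
    return fill_table_checked(sample, n, errbuf, errlen);
}

int main(void) {
    char err[64] = "";
    printf("512 entries  -> %d\n", run_sample(512, err, sizeof err));
    printf("1100 entries -> %d (%s)\n", run_sample(1100, err, sizeof err), err);
}
```

Returning an error keeps the caller from silently working with a truncated list; sizing the table dynamically is the alternative when more than 512 addresses must be supported.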
