以下代码显示分段错误
为什么下面的代码显示分段错误?
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr,sizeof(ifr));
/* First Get the Interface Index */
char *t=(char*)ifr.ifr_name;
strncpy(t, device, 1024);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
void PrintPacketInHex(unsigned char *packet, int len)
{
unsigned char *p = packet;
printf("\n\n---------Packet---Starts----\n\n");
while(len--)
{
printf("%.2x ", *p);
p++;
}
printf("\n\n--------Packet---Ends-----\n\n");
}
main(int argc, char **argv)
{
int raw;
unsigned char packet_buffer[2048];
int len;
int packets_to_sniff;
struct sockaddr_ll packet_info;
int packet_info_size = sizeof(packet_info);
/* create the raw socket */
raw = CreateRawSocket(ETH_P_IP);
/* Bind socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_IP);
/* Get number of packets to sniff from user */
packets_to_sniff = atoi(argv[2]);
/* Start Sniffing and print Hex of every packet */
while(packets_to_sniff--)
{
if((len = recvfrom(raw, packet_buffer, 2048, 0, (struct sockaddr*)&packet_info, &packet_info_size)) == -1)
{
perror("Recv from returned -1: ");
exit(-1);
}
else
{
/* Packet has been received successfully !! */
PrintPacketInHex(packet_buffer, len);
}
}
return 0;
}
why the following code shows segmentation fault?
int CreateRawSocket(int protocol_to_sniff)
{
int rawsock;
if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
{
perror("Error creating raw socket: ");
exit(-1);
}
return rawsock;
}
int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{
struct sockaddr_ll sll;
struct ifreq ifr;
bzero(&sll, sizeof(sll));
bzero(&ifr,sizeof(ifr));
/* First Get the Interface Index */
char *t=(char*)ifr.ifr_name;
strncpy(t, device, 1024);
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
{
printf("Error getting Interface index !\n");
exit(-1);
}
/* Bind our raw socket to this interface */
sll.sll_family = AF_PACKET;
sll.sll_ifindex = ifr.ifr_ifindex;
sll.sll_protocol = htons(protocol);
if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
{
perror("Error binding raw socket to interface\n");
exit(-1);
}
return 1;
}
void PrintPacketInHex(unsigned char *packet, int len)
{
unsigned char *p = packet;
printf("\n\n---------Packet---Starts----\n\n");
while(len--)
{
printf("%.2x ", *p);
p++;
}
printf("\n\n--------Packet---Ends-----\n\n");
}
main(int argc, char **argv)
{
int raw;
unsigned char packet_buffer[2048];
int len;
int packets_to_sniff;
struct sockaddr_ll packet_info;
int packet_info_size = sizeof(packet_info);
/* create the raw socket */
raw = CreateRawSocket(ETH_P_IP);
/* Bind socket to interface */
BindRawSocketToInterface(argv[1], raw, ETH_P_IP);
/* Get number of packets to sniff from user */
packets_to_sniff = atoi(argv[2]);
/* Start Sniffing and print Hex of every packet */
while(packets_to_sniff--)
{
if((len = recvfrom(raw, packet_buffer, 2048, 0, (struct sockaddr*)&packet_info, &packet_info_size)) == -1)
{
perror("Recv from returned -1: ");
exit(-1);
}
else
{
/* Packet has been received successfully !! */
PrintPacketInHex(packet_buffer, len);
}
}
return 0;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
崩溃是由例程 BindRawSocketToInterface 中的这一行引起的:
这里您要求
strncpy将 1024 个字节写入char *t。 请注意,strncpy使用指定数量的空字节填充目标字符串,请参阅man strncpy)。但是
t指向一个不够大的数组,即ifr.ifr_name[IFNAMSIZ]。在我的 Linux 系统上,IFNAMSIZ只有 16。因此strncpy会溢出并销毁不应该触及的内存。更改
strncpy参数以匹配数组的正确大小,如下所示可修复崩溃:The crash is caused by this line in your routine BindRawSocketToInterface:
Here you've asked
strncpyto write 1024 bytes intochar *t. Note thatstrncpypads the destination string with the specified number of null bytes, see man strncpy).But
tpoints to an array which isn't nearly large enough, namelyifr.ifr_name[IFNAMSIZ]. On my linux system,IFNAMSIZis only 16. Sostrncpyoverflows and trashes memory that it shouldn't be touching.Changing the
strncpyparameter to match the correct size of the array as follows fixes the crash:当您由于未检查 argc 而没有提供足够的命令行参数时,就会出现内存冲突。
There is a memory violation when you do not give enough command line arguments as you do not check argc.