Bug#922430: lft: Segmentation fault when using nonexistent interface

[Nelson A. de Oliveira]

Package: lft
Version: 3.8-2
Severity: important

Hi!

lft segfaults when defining a nonexistent network interface.
For example, I wrongly used "-D" instead "-d" here:

lft -D 443 josm.openstreetmap.de

gdb's thread apply all bt full output is attached.

Thank you!

Best regards,
Nelson

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (200, 'unstable'), 
(100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), 
LANGUAGE=pt_BR:pt:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lft depends on:
ii  libc6       2.28-6
ii  libpcap0.8  1.8.1-6

lft recommends no packages.

lft suggests no packages.

-- no debconf information

Starting program: /usr/sbin/lft -D 443 josm.openstreetmap.de

Program received signal SIGSEGV, Segmentation fault.
__strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:117
117     ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.

Thread 1 (process 13787):
#0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:117
No locals.
#1  0x00007ffff7c1a7ee in __strncpy_sse2 (s1=0x7fffffffe230 
"\310\342\377\377\377\177", s2=0x0, n=15)
    at ../string/strncpy.c:29
        size = <optimized out>
#2  0x0000555555556dcb in strncpy (__len=15, __src=0x0, 
    __dest=0x7fffffffe230 "\310\342\377\377\377\177")
    at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106
No locals.
#3  lft_getifaddr (ifname=ifname@entry=0x0) at lft_ifname.c:52
        ifr = {ifr_ifrn = {ifrn_name = 
"\310\342\377\377\377\177\000\000\273\347\377\377\377\177\000"}, 
          ifr_ifru = {ifru_addr = {sa_family = 80, 
              sa_data = 
"\000\000\000\000\000\000\310\342\377\377\377\177\000"}, ifru_dstaddr = {
              sa_family = 80, sa_data = 
"\000\000\000\000\000\000\310\342\377\377\377\177\000"}, 
            ifru_broadaddr = {sa_family = 80, 
              sa_data = 
"\000\000\000\000\000\000\310\342\377\377\377\177\000"}, ifru_netmask = {
              sa_family = 80, sa_data = 
"\000\000\000\000\000\000\310\342\377\377\377\177\000"}, 
            ifru_hwaddr = {sa_family = 80, 
              sa_data = 
"\000\000\000\000\000\000\310\342\377\377\377\177\000"}, ifru_flags = 80, 
            ifru_ivalue = 80, ifru_mtu = 80, ifru_map = {mem_start = 80, 
mem_end = 140737488347848, 
              base_addr = 0, irq = 0 '\000', dma = 0 '\000', port = 0 '\000'}, 
            ifru_slave = 
"P\000\000\000\000\000\000\000\310\342\377\377\377\177\000", 
            ifru_newname = 
"P\000\000\000\000\000\000\000\310\342\377\377\377\177\000", 
            ifru_data = 0x50 <error: Cannot access memory at address 0x50>}}
        addr = <optimized out>
#4  0x000055555555e66f in LFTExecute (sess=0x555555572670) at lft_lib.c:3963
        addr = {s_addr = 3137404928}
        ebuf = 
"\037\000\000\000\000\000\000\000P\000\000\000\000\000\000\000\260\377\377\377\377\377\377\377\000\000\000\000\000\000\000\000\003\000\000\000\060",
 '\000' <repeats 19 times>, 
"[\000\000\000w\000\000\000\220\002\000\000\000\000\000\000\370E\274\367\377\177\000\000\a\000\000\000\000\000\000\000\000\220\324\367\377\177\000\000\004\000\000\000\000\000\000\000\070\345\377\377\377\177\000\000\001\000\000\000\000\000\000\000\305\320\364\200\000\000\000\000\260\234VUUU\000\000\303\265\306\367\377\177\000\000*\000\000\000:",
 '\000' <repeats 19 times>, 
"\\\000\000\000D\000\000\000\265\347\377\377\377\177\000\000\266\347\377\377\377\177\000\000\000\000\000\000\000\000\000\000"...
#5  0x00005555555569c7 in main (argc=4, argv=0x7fffffffe538) at lft.c:375
        sess = 0x555555572670
        ch = <optimized out>
        cp = <optimized out>
        tb = {tv_sec = 1550258905, tv_usec = 593777}