For some reason I only see this on MacOS, doesn't happen on Linux:
$ ./wpapcap2john wpa-Induction.pcapng
File wpa-Induction.pcapng: Radiotap encapsulation
Segmentation fault: 11
It only happens with pcap-ng files (any such file, not just this sample). It doesn't happen with the same sample in old pcap format. And it doesn't happen on Linux at all.
While looking into it I stumbled on #5471 that was reported and fixed while I couldn't participate. The fix in 939203c is obviously correct but there was one more copy-paste error (read + seek erroneously done twice) that will be fixed while I'm at this (although that code path is for an obsolete version of pcap-ng that we have no samples for). However, this whole paragraph is unrelated to my current problem.
Back to MacOS:
File wpa-Induction.pcapng: Radiotap encapsulation
Process 24178 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2)
frame #0: 0x0000000100008406 wpapcap2john`process_packet(link_type=<unavailable>) at wpapcap2john.c:1528:16
1525 if (link_type == LINKTYPE_RADIOTAP_HDR) {
1526 if (snap_len < 4)
1527 return 0;
-> 1528 frame_skip = *(unsigned short*)&packet[2];
1529 #if !ARCH_LITTLE_ENDIAN
1530 frame_skip = swap32u(frame_skip);
1531 #endif
Target 0: (wpapcap2john) stopped.
(lldb) print packet
(uint8_t *) 0x0000000000000000
(lldb) print full_packet
(uint8_t *) 0x0000000000000000
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x2)
* frame #0: 0x0000000100008406 wpapcap2john`process_packet(link_type=<unavailable>) at wpapcap2john.c:1528:16
frame #1: 0x000000010000c3e6 wpapcap2john`process_ng(in=0x00007ff851efe9b0) at wpapcap2john.c:2062:9 [inlined]
frame #2: 0x000000010000c2c2 wpapcap2john`process(in=0x00007ff851efe9b0) at wpapcap2john.c:2132:10 [inlined]
frame #3: 0x000000010000c2af wpapcap2john`main(argc=2, argv=0x00007ff7bfeff500) at wpapcap2john.c:2427:4
frame #4: 0x00007ff81015a530 dyld`start + 3056
The real WTF is that packet is NULL here, yet not under Linux. I mean, it's the exact same code and sample!? We don't use any external pcap lib or anything that could be different versions, it's all in wpapcap2john.c. Maybe I should just try building with a different compiler...
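The crash site in the lldb listing is a raw dereference of packet[2] guarded only by a snap_len check, so a NULL packet pointer (as seen here) or a truncated capture walks straight into EXC_BAD_ACCESS. As an added illustration, and not code from wpapcap2john.c or the John the Ripper project, the helper below reads the radiotap header length the defensive way: it refuses a NULL buffer, requires the 4 bytes that hold it_len, assembles the little-endian value from bytes (so no host-dependent swap is needed; the excerpt applies swap32u to a 16-bit value on big-endian hosts, which explicit byte assembly sidesteps), and rejects a length that is shorter than the fixed radiotap fields or longer than the captured data. The function name, RADIOTAP_MIN_LEN and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimum radiotap header: it_version (1), it_pad (1), it_len (2), it_present (4). */
#define RADIOTAP_MIN_LEN 8

/* Hypothetical helper (not from wpapcap2john.c): return the number of bytes
 * to skip for a radiotap header, or 0 when the packet cannot be trusted.
 * it_len lives at bytes 2..3 and is little-endian by definition, so it is
 * assembled from bytes instead of being cast to a short and host-swapped. */
static unsigned int radiotap_frame_skip(const uint8_t *packet, size_t snap_len)
{
    unsigned int it_len;

    if (packet == NULL)               /* the state the lldb session shows */
        return 0;
    if (snap_len < 4)                 /* not enough bytes to hold it_len */
        return 0;

    it_len = (unsigned int)packet[2] | ((unsigned int)packet[3] << 8);

    /* Extra sanity checks beyond the excerpt: a header shorter than the
     * fixed fields or longer than the captured data is malformed. */
    if (it_len < RADIOTAP_MIN_LEN || it_len > snap_len)
        return 0;

    return it_len;
}

int main(void)
{
    /* Constructed sample: a 24-byte radiotap header (it_len = 0x0018),
     * the remaining bytes standing in for the 802.11 frame. */
    static const uint8_t sample[32] = {
        0x00, 0x00, 0x18, 0x00, 0x2e, 0x48, 0x00, 0x00
    };

    printf("frame_skip = %u\n", radiotap_frame_skip(sample, sizeof sample));
    printf("NULL packet -> %u\n", radiotap_frame_skip(NULL, sizeof sample));
    printf("truncated capture -> %u\n", radiotap_frame_skip(sample, 3));
    return 0;
}
```

The NULL check does not explain why packet is NULL on macOS but not on Linux; it only turns the segfault into a skipped packet, which is the behaviour a converter should have on malformed or unexpected input while the root cause is tracked down.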