C 下面的代码显示分段错误_C_Networking_Network Programming

C 下面的代码显示分段错误

c networking network-programming

C 下面的代码显示分段错误,c,networking,network-programming,C,Networking,Network Programming,为什么下面的代码显示分段错误 int CreateRawSocket(int protocol_to_sniff) { int rawsock; if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1) { perror("Error creating raw socket: "); exit(-1); } return raws

为什么下面的代码显示分段错误

int CreateRawSocket(int protocol_to_sniff)
{
    int rawsock;

    if((rawsock = socket(PF_PACKET, SOCK_RAW, htons(protocol_to_sniff)))== -1)
    {
        perror("Error creating raw socket: ");
        exit(-1);
    }

    return rawsock;
}

int BindRawSocketToInterface(char *device, int rawsock, int protocol)
{

    struct sockaddr_ll sll;
    struct ifreq ifr;

    bzero(&sll, sizeof(sll));
     bzero(&ifr,sizeof(ifr));

    /* First Get the Interface Index  */

         char *t=(char*)ifr.ifr_name;
    strncpy(t, device, 1024);
    if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
    {
        printf("Error getting Interface index !\n");
        exit(-1);
    }

    /* Bind our raw socket to this interface */

    sll.sll_family = AF_PACKET;
    sll.sll_ifindex = ifr.ifr_ifindex;
    sll.sll_protocol = htons(protocol); 


    if((bind(rawsock, (struct sockaddr *)&sll, sizeof(sll)))== -1)
    {
        perror("Error binding raw socket to interface\n");
        exit(-1);
    }

    return 1;

}

void PrintPacketInHex(unsigned char *packet, int len)
{
    unsigned char *p = packet;

    printf("\n\n---------Packet---Starts----\n\n");

    while(len--)
    {
        printf("%.2x ", *p);
        p++;
    }

    printf("\n\n--------Packet---Ends-----\n\n");

}


main(int argc, char **argv)
{
    int raw;
    unsigned char packet_buffer[2048]; 
    int len;
    int packets_to_sniff;
    struct sockaddr_ll packet_info;
    int packet_info_size = sizeof(packet_info);

    /* create the raw socket */

    raw = CreateRawSocket(ETH_P_IP);

    /* Bind socket to interface */

    BindRawSocketToInterface(argv[1], raw, ETH_P_IP);

    /* Get number of packets to sniff from user */

    packets_to_sniff = atoi(argv[2]);

    /* Start Sniffing and print Hex of every packet */

    while(packets_to_sniff--)
    {
        if((len = recvfrom(raw, packet_buffer, 2048, 0, (struct sockaddr*)&packet_info, &packet_info_size)) == -1)
        {
            perror("Recv from returned -1: ");
            exit(-1);
        }
        else
        {
            /* Packet has been received successfully !! */

            PrintPacketInHex(packet_buffer, len);
        }
    }


    return 0;
}

如果由于未检查argc而未提供足够的命令行参数，则存在内存冲突。

崩溃是由例程bindrawsocketpointerface中的此行引起的：

strncpy(t, device, 1024);

这里您要求

strncpy

将1024字节写入

char*t

注意，
strncpy
用指定数量的空字节填充目标字符串（参见man strncpy）
但是
t
指向一个几乎不够大的数组，即
ifr.ifr\u name[IFNAMSIZ]
。在我的linux系统上，
IFNAMSIZ
只有16。因此，
strncpy
会溢出并破坏不应该触及的内存
更改
strncpy
参数以匹配正确的数组大小，如下所示修复了崩溃：

strncpy(t, device, IFNAMSIZ);

它在哪里坠毁？它在哪个地址崩溃？缓冲区的大小是多少？我甚至拒绝看这个。进行一些调试并缩小范围。您显然不是编程新手，否则就不会编写如此复杂的程序。一旦你把范围缩小到崩溃的特定模块和线路，请发回。哎呀，我的眼睛。空白太多了！！你也可以在valgrind运行它。