From a86b679404113ef7ff01ec345b12f71f558b5130 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 12 Feb 2015 16:52:02 +0000
Subject: [PATCH] Fix WinPcap crash on pcap_findalldevs error See http://seclists.org/nmap-dev/2015/q1/176 Fixes #15
---
 CHANGELOG | 3 +++
 libdnet-stripped/NMAP_MODIFICATIONS | 25 +++++++++++++++++++++++++
 libdnet-stripped/src/intf-win32.c | 3 ++-
 tcpip.cc | 5 +++--
 4 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index cf267d903..52957ec24 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o Solve a crash on Windows 8.1 on Surface Pro 3 caused by WinPcap trying to
+ write an error message to a NULL pointer. [Peter Malecka]
+
 o Change the URI for the fingerprint submitter to its new location at https://nmap.org/cgi-bin/submit.cgi
diff --git a/libdnet-stripped/NMAP_MODIFICATIONS b/libdnet-stripped/NMAP_MODIFICATIONS
index 26e490ab7..fa62cb720 100644
--- a/libdnet-stripped/NMAP_MODIFICATIONS
+++ b/libdnet-stripped/NMAP_MODIFICATIONS
@@ -2007,3 +2007,28 @@ index 8953b5b..05a0692 100644
 case ARP_HRD_IEEE80211_RADIOTAP: /* IEEE 802.11 + radiotap header */
 a->addr_type = ADDR_TYPE_ETH;
 a->addr_bits = ETH_ADDR_BITS;
+
+o Fix a crash when pcap_findalldevs encounters errors and tries to write to
+ errbuf. As demonstrated by WinPcap crashing on Surface Pro 3
+
+diff --git a/libdnet-stripped/src/intf-win32.c b/libdnet-stripped/src/intf-win32.c
+index 22c2d59..22c1e6a 100644
+--- a/libdnet-stripped/src/intf-win32.c
++++ b/libdnet-stripped/src/intf-win32.c
+@@ -425,6 +425,7 @@ intf_get_pcap_devname(const char *intf_name, char *pcapdev, int pcapdevlen)
+ pcap_if_t *pcapdevs;
+ pcap_if_t *pdev, *selected;
+ intf_t *intf;
++ char errbuf[PCAP_ERRBUF_SIZE];
+
+ if ((intf = intf_open()) == NULL)
+ return (-1);
+@@ -439,7 +440,7 @@ intf_get_pcap_devname(const char *intf_name, char *pcapdev, int pcapdevlen)
+ return (-1);
+ }
+
+- if (pcap_findalldevs(&pcapdevs, NULL) == -1) {
++ if (pcap_findalldevs(&pcapdevs, errbuf) == -1) {
+ intf_close(intf);
+ return (-1);
+ }
diff --git a/libdnet-stripped/src/intf-win32.c b/libdnet-stripped/src/intf-win32.c
index 22c2d5951..22c1e6af7 100644
--- a/libdnet-stripped/src/intf-win32.c
+++ b/libdnet-stripped/src/intf-win32.c
@@ -425,6 +425,7 @@ intf_get_pcap_devname(const char *intf_name, char *pcapdev, int pcapdevlen)
 pcap_if_t *pcapdevs;
 pcap_if_t *pdev, *selected;
 intf_t *intf;
+ char errbuf[PCAP_ERRBUF_SIZE];
 if ((intf = intf_open()) == NULL)
 return (-1);
@@ -439,7 +440,7 @@ intf_get_pcap_devname(const char *intf_name, char *pcapdev, int pcapdevlen)
 return (-1);
 }
- if (pcap_findalldevs(&pcapdevs, NULL) == -1) {
+ if (pcap_findalldevs(&pcapdevs, errbuf) == -1) {
 intf_close(intf);
 return (-1);
 }
diff --git a/tcpip.cc b/tcpip.cc
index d208fd269..cf9726673 100644
--- a/tcpip.cc
+++ b/tcpip.cc
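Review bot: In libdnet-stripped/src/intf-win32.c, the `@@ -439,7 +440,7 @@` hunk fills `errbuf`, but the failure branch still only calls `intf_close(intf)` and returns -1, so the pcap error text is discarded and nothing at the declaration explains why the buffer exists. Since the NULL argument was what let WinPcap write through a null pointer, I would document the contract where the buffer is declared (the `@@ -425,6 +425,7 @@` hunk): `char errbuf[PCAP_ERRBUF_SIZE]; /* pcap_findalldevs() writes its error text here; must not be NULL */`. That keeps a later cleanup from seeing an apparently unused buffer and reverting to NULL. intf_get_pcap_devname() starts and ends outside both hunks, so whether it has any way to pass the message up to its caller is not visible here.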
@@ -2033,9 +2033,10 @@ pcap_if_t *getpcapinterfaces() {
 return NULL;
 #endif
 pcap_if_t *p_ifaces;
+ char errbuf[PCAP_ERRBUF_SIZE];
- if ((pcap_findalldevs(&p_ifaces, NULL)) == -1) {
- fatal("pcap_findalldevs() : Cannot retrieve pcap interfaces");
+ if ((pcap_findalldevs(&p_ifaces, errbuf)) == -1) {
+ fatal("pcap_findalldevs(): Cannot retrieve pcap interfaces: %s", errbuf);
 return NULL;
 }
 return p_ifaces;
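Review bot: `errbuf` is declared without an initializer and then handed to `fatal()` through `%s`, so the message is well defined only if every pcap build writes a terminated string before returning -1. libpcap documents that it does, but an empty initializer costs nothing and rules out printing stale stack bytes: `char errbuf[PCAP_ERRBUF_SIZE] = "";`. Passing the buffer as an argument rather than as the format string is correct and should stay that way. getpcapinterfaces() begins before this hunk and its closing brace is not shown.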