Subject: unchecked doubly linked list prev pointer causes SIGSEGV

unchecked doubly linked list prev pointer causes SIGSEGV. The faulting node has prev == NULL while next != NULL, so the `node->next != NULL` test alone does not guard the `node->prev->next` dereference at ares_llist.c:57.

From: massimo dragano <tuxmind.bug_at_gmail.com>
Date: Thu, 26 Mar 2015 15:57:48 +0100

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 21995]
0x400c8c54 in ares__remove_from_list (node=0x4203cf84)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_llist.c:57
57 node->prev->next = node->next;
(gdb) l
52 }
53
54 /* Removes the node from the list it's in, if any */
55 void ares__remove_from_list(struct list_node* node) {
56 if (node->next != NULL) {
57 node->prev->next = node->next;
58 node->next->prev = node->prev;
59 node->prev = NULL;
60 node->next = NULL;
61 }
(gdb) p node
$1 = (struct list_node *) 0x4203cf84
(gdb) p *node
$2 = {prev = 0x0, next = 0x4203fee4, data = 0x4203cf60}
(gdb) bt
#0 0x400c8c54 in ares__remove_from_list (node=0x4203cf84)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_llist.c:57
#1 0x400cb2b8 in ares__send_query (channel=0x42031088, query=0x4203cf60,
now=0x402ffd20)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_process.c:848
#2 0x400ccd18 in ares_send (channel=0x42031088, qbuf=0x4203f678
"\345\310\001", qlen=43,
    callback=0x400cc76c <qcallback>, arg=0x4203c9f0)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_send.c:130
#3 0x400cc754 in ares_query (channel=0x42031088, name=0x402ffd8c
"13.93.168.10.in-addr.arpa", dnsclass=1,
    type=12, callback=0x400c631c <addr_callback>, arg=0x4203dd58)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_query.c:143
#4 0x400c6278 in next_lookup (aquery=0x4203dd58)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_gethostbyaddr.c:116
#5 0x400c61c0 in ares_gethostbyaddr (channel=0x42031088, addr=0x402ffe4c,
addrlen=4, family=2,
    callback=0x400c3928 <on_query_end>, arg=0xd5da80a)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/libcares/ares_gethostbyaddr.c:99
#6 0x400c3b14 in begin_dns_lookup (ip=224241674)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/network-radar/resolver.c:82
#7 0x400c156c in on_host_found (mac=0x4203cf16 "", ip=224241674, name=0x0,
lstatus=0 '\000')
    at
/home/max/Documenti/cSploit/android/cSploit/jni/network-radar/host.c:162
#8 0x400c0aa0 in analyze_arp (arp=0x4203cf0e)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/network-radar/analyzer.c:147
#9 0x400c0d9c in analyzer (arg=0x0)
    at
/home/max/Documenti/cSploit/android/cSploit/jni/network-radar/analyzer.c:226
Received on 2015-03-26