Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2177] New: Wireshark 0.99.7 crashes (aborts due to Xlib er

Date: Wed, 9 Jan 2008 04:44:10 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2177

           Summary: Wireshark 0.99.7 crashes (aborts due to Xlib error) if
                    exec of /usr/bin/dumpcap fails
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: kevin.pyle@xxxxxxxxxxxx


Build Information:
Wireshark 0.99.7 as provided by Gentoo package
net-analyzer/wireshark-0.99.7.ebuild, ebuild version 1.6.
gcc version 4.1.2 (Gentoo 4.1.2) on i686-pc-linux-gnu
--
To get the list of interfaces, Wireshark defers to the privileged helper
process dumpcap.  The function capture_sync.c!sync_pipe_open_command forks and
execs a dumpcap helper.  However, if the child process fails to exec dumpcap,
it *returns* instead of calling _exit.  The parent and child process both run
wireshark code and both use the same X11 socket and X11 windows.  This leads to
a fatal Xlib error within seconds.

I encountered this bug because I use Wireshark only to view pcap files created
by other programs.  As such, I did not grant my user account permission to run
/usr/bin/dumpcap, since I did not need to do live captures.

This failure can be reproduced by removing /usr/bin/dumpcap or changing the
permissions such that the user running Wireshark does not have permission to
execute it, then opening the Preferences dialog in Wireshark.  On Gentoo,
/usr/bin/dumpcap is installed as root:wireshark 4710, so users who are not in
the wireshark group fail to exec dumpcap and experience this bug.

If the child process fails to exec dumpcap, it must exit without allowing any
further Xlib calls to occur.  It would be nice if the child could pass some
message to the parent process explaining that the child failed to execute
properly and providing the value of errno, but such a change may be too
extensive for a minor patch for a released version.  If the child process exits
silently, then the parent Wireshark process will run successfully, but all
interface lists will be blank without any reason displayed.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.