
[Bug] NULL Pointer Dereference in macinstring() at mac.c:120 #782

Closed
Marsman1996 opened this issue Mar 1, 2023 · 2 comments · Fixed by #783

Comments

@Marsman1996
Contributor

Marsman1996 commented Mar 1, 2023

Describe the bug
There is a NULL Pointer Dereference in macinstring() when the user passes an empty MAC string to tcpprep in Source MAC split mode.

To Reproduce
Steps to reproduce the behavior:

  1. Get the Tcpreplay source code and compile it.
     $ ./configure
     $ make
  2. Run the command $ ./tcpprep -e "" --pcap=./test.pcap --cachefile=/dev/null
     The file test.pcap is from the tcpreplay codebase, located at test/test.pcap.

Expected behavior
Program crashes with Segmentation fault.

The GDB report:

$ gdb --args ./bin_normal/bin/tcpprep -e "" --pcap=./code/test/test.pcap --cachefile=/dev/null

(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcpprep -e '' --pcap=./code/test/test.pcap --cachefile=/dev/null

Program received signal SIGSEGV, Segmentation fault.
0x0000555555562b50 in macinstring (macstring=0x55555558dbf0 "", mac=0x55555558f0e6 "\370\036\337\345\204:\b") at mac.c:120
120         if (strlen(tempstr)) {
(gdb) bt
#0  0x0000555555562b50 in macinstring (macstring=0x55555558dbf0 "", mac=0x55555558f0e6 "\370\036\337\345\204:\b") at mac.c:120
#1  0x00005555555596b6 in process_raw_packets (pcap=0x55555558ee40) at tcpprep.c:450
#2  0x0000555555558d23 in main (argc=5, argv=0x7fffffffc2d8) at tcpprep.c:144

The ASAN report:

$ ./bin_asan/bin/tcpprep -e "" --pcap=./code/test/test.pcap --cachefile=/dev/null
AddressSanitizer:DEADLYSIGNAL
=================================================================
==3017398==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000516fd4 bp 0x7ffe41169c70 sp 0x7ffe41169b80 T0)
==3017398==The signal is caused by a READ memory access.
==3017398==Hint: address points to the zero page.
    #0 0x516fd4 in macinstring /home/ubuntu178/cvelibf/test/tcpreplay/latest/build_asan/src/common/../../../code/src/common/mac.c:120:9
    #1 0x4fe345 in process_raw_packets /home/ubuntu178/cvelibf/test/tcpreplay/latest/build_asan/src/../../code/src/tcpprep.c:450:25
    #2 0x4fe345 in main /home/ubuntu178/cvelibf/test/tcpreplay/latest/build_asan/src/../../code/src/tcpprep.c:144:23
    #3 0x7fb921f310b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
    #4 0x41f4ed in _start (/home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_asan/bin/tcpprep+0x41f4ed)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/ubuntu178/cvelibf/test/tcpreplay/latest/build_asan/src/common/../../../code/src/common/mac.c:120:9 in macinstring
==3017398==ABORTING

System (please complete the following information):

  • OS: Ubuntu
  • OS version: 20.04, 64 bit
  • Tcpreplay Version: master bcb107a
./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
@Marsman1996 Marsman1996 changed the title [Bug] heap-buffer-overflow in macinstring() at mac.c:120 [Bug] NULL Pointer Dereference in macinstring() at mac.c:120 Mar 1, 2023
@Marsman1996
Contributor Author

This crash is because the program does not check whether the string after the strtok_r() process is NULL.

#783 could fix this.
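The failure pattern described in this thread, as an added illustration that is not tcpreplay's own code: strtok_r() returns NULL when its input holds no token (an empty string, or one made only of delimiters), so a loop that calls strlen() on the token before checking it for NULL reads address 0, exactly the zero-page SEGV in the reports above. The hypothetical mac_in_list() below keeps the same strdup/strtok_r structure but checks the token first; mac_token_matches() is a stand-in parser assumed for the example, and the sample MAC bytes are constructed from the bytes shown in the GDB output.

```c
#define _POSIX_C_SOURCE 200809L   /* strdup(), strtok_r() */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in: parse "aa:bb:cc:dd:ee:ff" and compare with mac.
 * Returns 1 on a match, 0 on a mismatch or an unparsable token. */
static int mac_token_matches(const char *tok, const unsigned char mac[6])
{
    unsigned int b[6];
    if (sscanf(tok, "%2x:%2x:%2x:%2x:%2x:%2x",
               &b[0], &b[1], &b[2], &b[3], &b[4], &b[5]) != 6)
        return 0;
    for (int i = 0; i < 6; i++)
        if ((unsigned char)b[i] != mac[i])
            return 0;
    return 1;
}

/* Returns 1 if mac appears in the comma-separated list, 0 otherwise.
 * The unsafe shape behind issue #782 is `if (strlen(strtok_r(...)))`
 * with no NULL check; here every token is tested for NULL before use,
 * and a NULL or empty list simply matches nothing. */
int mac_in_list(const char *macstring, const unsigned char mac[6])
{
    if (macstring == NULL || *macstring == '\0')
        return 0;

    char *copy = strdup(macstring);     /* strtok_r() writes into its input */
    if (copy == NULL)
        return 0;

    char *save = NULL;
    int found = 0;
    for (char *tok = strtok_r(copy, ",", &save); tok != NULL && !found;
         tok = strtok_r(NULL, ",", &save)) {
        if (strlen(tok) > 0 && mac_token_matches(tok, mac))
            found = 1;
    }
    free(copy);
    return found;
}

int main(void)
{
    /* Constructed sample: the bytes GDB printed for `mac` in the report. */
    const unsigned char mac[6] = {0xf8, 0x1e, 0xdf, 0xe5, 0x84, 0x3a};
    printf("empty list  -> %d\n", mac_in_list("", mac));
    printf("match       -> %d\n", mac_in_list("00:11:22:33:44:55,f8:1e:df:e5:84:3a", mac));
    return 0;
}
```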

fklassen added a commit that referenced this issue Jun 5, 2023
@fklassen
Member

fklassen commented Jun 5, 2023

Fixed in PR #783

@fklassen fklassen closed this as completed Jun 5, 2023