## Summary When using sshdump on a remote host, if --remote-interface is left empty, sshdump will crash with sigsegv and this error: ** (sshdump:1923) 14:07:09.069822 [GLib CRITICAL] -- g_strsplit: assertion 'string != NULL' failed Segmentation fault (core dumped) When --remote-interface <remote-interface-name> is added, no core dump. ## Steps to reproduce 1. Start a remote host with wireshark installed (dumpcap) and with an ssh access from a local host. 2. Start sshdump from local host to the remote host like this: ``` /usr/lib64/wireshark/extcap/sshdump --capture --extcap-interface sshdump --fifo /tmp/wireshark_extcap_sshdump8KXIY1 --remote-port 22 --remote-capture-command-select dumpcap --log-file /tmp/sshdump.log --log-level noisy --remote-host X.X.X.X ``` ## What is the current bug behavior? Core dump in extcap/sshdump.c on these lines: ``` } else if (!g_strcmp0(capture_command_select, "dumpcap")) { ifaces_array = g_strsplit(iface, " ", -1); <----- failed assert ifaces_string = g_string_new(NULL); while (ifaces_array[ifaces_array_num]) <--- actual core dump { quoted_iface = g_shell_quote(ifaces_array[ifaces_array_num]); g_string_append_printf(ifaces_string, "-i %s ", quoted_iface); ifaces_array_num++; } ``` The remote_interface is set to NULL in main but never set to anything else or checked. Not sure if it makes sense to check for it in main before calling ssh_open_remote_connection, I think not because the remote-interface would have to become an obligatory option like --remote-host. Maybe just skip the while part in run_ssh_command, since dumpcap is capable of choosing the remote-interface by itself? Let me know what you think should be the proper way and I can try and send an MR. ## What is the expected correct behavior? No core dump ## Build information I tested this with wireshark-4.0.3 in Fedora, but this is still in the master as well.