From owner-freebsd-bugs@FreeBSD.ORG Thu Jan 20 17:50:24 2005
Date: Thu, 20 Jan 2005 17:50:23 GMT
Message-Id: <200501201750.j0KHoN4Q045863@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Mohacsi Janos
Subject: Re: bin/76497: tcpdump dumps core on ppp ipv6cp packets

The following reply was made to PR bin/76497; it has been noted by GNATS.

From: Mohacsi Janos
To: Giorgos Keramidas
Cc: Janos Mohacsi, bug-followup@freebsd.org, matthias.andree@web.de
Subject: Re: bin/76497: tcpdump dumps core on ppp ipv6cp packets
Date: Thu, 20 Jan 2005 18:42:01 +0100 (CET)

The problem lies in the logic of print-ppp. If it does not find a suitable protocol switch, the default sets the decoding function (pfunc) to NULL and then calls it. The latest CVS version of print-ppp.c of tcpdump already handles ipv6cp properly and catches the null pointer if an unknown CP is found.
On Thu, 20 Jan 2005, Giorgos Keramidas wrote:

> On 2005-01-20 13:14, Janos Mohacsi wrote:
>> Try to read the attached uuencoded ip6cp packet into tcpdump.
>>
>> begin 644 ip6cp_packet
>> MU,.RH0(`!````````````/__```!````$%'O42,!!@`\````/``````"/SM!
>> M^@`*0DOL'(AD$0#=^P`0@%> *````````````````
>> `
>> end
>
> True!
>
> This makes tcpdump segfault in CURRENT too. Building an unstripped,
> debug version of tcpdump gives:
>
> % (gdb) bt
> % #0  0x00000000 in ?? ()
> % #1  0x0806d194 in handle_ctrl_proto (proto=32855, pptr=0x8184018 "\001\001", length=14)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:447
> % #2  0x0806e477 in handle_ppp (proto=0, p=0x8184018 "\001\001", length=14)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:1064
> % #3  0x0806e5fb in ppp_print (p=0x8184018 "\001\001", length=14)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:1146
> % #4  0x0806eac0 in pppoe_print (bp=0x8184010 "\021", length=46)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-pppoe.c:212
> % #5  0x0805aacf in ether_encap_print (ether_type=34916, p=0x8184010 "\021", length=46, caplen=46, extracted_ether_type=0xbfbfe73a)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ether.c:257
> % #6  0x0805a5e1 in ether_print (p=0x8184010 "\021", length=46, caplen=46)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ether.c:142
> % #7  0x0805a723 in ether_if_print (h=0x0, p=0x8184002 "")
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ether.c:162
> % #8  0x08083724 in print_packet (user=0x0, h=0xbfbfe7e0, sp=0x8184002 "")
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/tcpdump.c:1010
> % #9  0x280d69a6 in pcap_offline_read () from /usr/lib/libpcap.so.3
> % #10 0x280e2750 in pcap_loop () from /usr/lib/libpcap.so.3
> % #11 0x0808321f in main (argc=3, argv=0x80836f0)
> %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/tcpdump.c:803
>

Janos Mohacsi
Network Engineer, Research Associate
NIIF/HUNGARNET, HUNGARY
Key 00F9AF98: 8645 1312 D249 471B DBAE 21A2 9F52 0D1F 00F9 AF98
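As an added illustration of the failure mode described in the reply (constructed for this thread, not tcpdump's print-ppp.c and not code from either poster): a protocol switch that leaves the decoder pointer NULL for a control protocol it has no case for, beside a caller that checks the pointer before using it. The function names, the 14-byte Configure-Request sample and the decoder bodies are assumptions; 0x8057 is the proto=32855 from the backtrace, and the LCP/IPCP numbers are the standard PPP assignments.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PPP control-protocol numbers (LCP, IPCP, IPV6CP); 0x8057 == 32855,
 * the proto value in the backtrace above. */
#define PPP_LCP    0xc021
#define PPP_IPCP   0x8021
#define PPP_IPV6CP 0x8057
typedef int (*cp_print_fn)(const uint8_t *p, size_t len);
/* Decode the common CP header (code, id, length); returns the code,
 * or -1 if the header claims more bytes than were captured. */
static int cp_header_print(const char *name, const uint8_t *p, size_t len)
{
    if (len < 4) return -1;
    unsigned cplen = ((unsigned)p[2] << 8) | p[3];
    if (cplen > len) return -1;
    printf("%s: code=%u id=%u len=%u\n", name, (unsigned)p[0], (unsigned)p[1], cplen);
    return p[0];
}
static int lcp_print(const uint8_t *p, size_t len)  { return cp_header_print("LCP", p, len); }
static int ipcp_print(const uint8_t *p, size_t len) { return cp_header_print("IPCP", p, len); }
/* The failure mode: no case for IPV6CP, so pfunc stays NULL; calling it
 * anyway is what produces the "#0 0x00000000 in ?? ()" frame. */
static cp_print_fn lookup_cp_printer(unsigned proto)
{
    cp_print_fn pfunc = NULL;
    switch (proto) {
    case PPP_LCP:  pfunc = lcp_print;  break;
    case PPP_IPCP: pfunc = ipcp_print; break;
    default:       break;   /* unknown CP: pfunc is left NULL */
    }
    return pfunc;
}
/* Hardened dispatch: never call a NULL decoder; report the unknown
 * control protocol and return -2 instead of crashing. */
static int handle_ctrl_proto_checked(unsigned proto, const uint8_t *p, size_t len)
{
    cp_print_fn pfunc = lookup_cp_printer(proto);
    if (pfunc == NULL) {
        printf("unknown control protocol 0x%04x (%zu bytes)\n", proto, len);
        return -2;
    }
    return pfunc(p, len);
}
/* Constructed sample (assumption): Configure-Request, code 1, id 1,
 * length 14, matching pptr="\001\001", length=14 in the backtrace;
 * the option bytes are filler. */
static const uint8_t sample_cp[14] = { 1, 1, 0, 14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
```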