[Bug] Reachable assertion in packet2tree() #715

Closed
Marsman1996 opened this issue Feb 15, 2022 · 3 comments

Marsman1996 commented Feb 15, 2022

Describe the bug
The assertion assert(l2len > 0); in packet2tree() at tree.c is reachable when the user uses tcpprep to open a crafted pcap file.
The variable l2len is assigned in get_l2len_protocol() at get.c.

tcpreplay/src/tree.c

Lines 733 to 746 in 09f0774

    res = get_l2len_protocol(data,
                             pkt_len,
                             datalink,
                             &ether_type,
                             &l2len,
                             &l2offset,
                             &vlan_offset);
    if (res == -1)
        goto len_error;
    node = new_tree();
    assert(l2len > 0);

However, when the datalink is DLT_RAW or DLT_JUNIPER_ETHER, l2len is assigned 0, and the assertion is triggered.

tcpreplay/src/common/get.c

Lines 268 to 282 in 09f0774

    *l2len = 0;
    *l2offset = 0;
    *vlan_offset = 0;
    switch (datalink) {
    case DLT_RAW:
        if (datalen == 0)
            return -1;
        if ((pktdata[0] >> 4) == 4)
            *protocol = ETHERTYPE_IP;
        else if ((pktdata[0] >> 4) == 6)
            *protocol = ETHERTYPE_IP6;
        break;
    case DLT_JUNIPER_ETHER:

To Reproduce
Steps to reproduce the behavior:

  1. Get the Tcpreplay source code (master 09f0774) and compile it.
  2. Run command: $ tcpprep --auto=bridge --pcap=$POC --cachefile=/dev/null
    The POC file could be downloaded here:
    POC_file

Expected behavior
Program reports assertion failure and is terminated.

Screenshots

The GDB report:

Breakpoint 6, packet2tree (data=0x7ffff7ef8010 "@", len=33, datalink=12) at ../../code/src/tree.c:733
733         res = get_l2len_protocol(data,
(gdb) p datalink 
$8 = 12
(gdb) n
741         if (res == -1)
(gdb) 
744         node = new_tree();
(gdb) 

Breakpoint 1, packet2tree (data=0x7ffff7ef8010 "@", len=33, datalink=<optimized out>) at ../../code/src/tree.c:746
746         assert(l2len > 0);
(gdb) p l2len 
$9 = 0
(gdb) c
Continuing.
tcpprep: ../../code/src/tree.c:746: tcpr_tree_t *packet2tree(const u_char *, const int, int): Assertion `l2len > 0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff7194438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.

System (please complete the following information):

  • OS: Ubuntu
  • OS version: 16.04, 64 bit
  • Tcpreplay Version: 4.4.1 (master 09f0774)
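
An added example, not part of the original report and not tcpreplay's code or its fix: a simplified model of the condition described above, where a DLT_RAW capture legitimately yields an L2 length of 0, so the caller bounds-checks the remaining bytes and returns an error instead of asserting `l2len > 0`. All `ex_`/`EX_` names, the Ethernet case and the minimum-header checks are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed for this sketch; the numeric values follow libpcap and Ethernet. */
enum { EX_DLT_EN10MB = 1, EX_DLT_RAW = 12 };
enum { EX_ETHERTYPE_IP = 0x0800, EX_ETHERTYPE_IP6 = 0x86DD };

/* Simplified stand-in for get_l2len_protocol(); DLT_RAW has no L2 header, so *l2len == 0 is valid. */
static int ex_get_l2len(const uint8_t *pkt, size_t len, int dlt,
                        uint16_t *proto, size_t *l2len)
{
    *l2len = 0;
    *proto = 0;
    switch (dlt) {
    case EX_DLT_RAW:
        if (len == 0)
            return -1;
        if ((pkt[0] >> 4) == 4)
            *proto = EX_ETHERTYPE_IP;
        else if ((pkt[0] >> 4) == 6)
            *proto = EX_ETHERTYPE_IP6;
        return 0;
    case EX_DLT_EN10MB:
        if (len < 14)
            return -1;
        *l2len = 14;
        *proto = (uint16_t)((pkt[12] << 8) | pkt[13]);
        return 0;
    }
    return -1; /* link type not modelled here */
}

/* Returns the L3 header offset, or -1 to skip the packet; untrusted input never reaches assert(). */
int ex_l3_offset(const uint8_t *pkt, size_t len, int dlt)
{
    uint16_t proto;
    size_t l2len, need;
    if (ex_get_l2len(pkt, len, dlt, &proto, &l2len) == -1)
        return -1;
    if (proto == EX_ETHERTYPE_IP)
        need = 20; /* minimum IPv4 header */
    else if (proto == EX_ETHERTYPE_IP6)
        need = 40; /* fixed IPv6 header */
    else
        return -1; /* unknown protocol */
    if (len - l2len < need) /* l2len <= len holds on success above */
        return -1;
    return (int)l2len;
}
```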

fklassen self-assigned this Aug 1, 2022

fklassen commented Aug 1, 2022

Unable to recreate. What is your ./configure command?

Here is my log:

$ ./configure --with-testnic=ens33
...
$ make
...
$ src/tcpprep --auto=bridge --pcap=$POC --cachefile=/dev/null

Fatal Error: Error opening file: invalid file capture length 264194, bigger than maximum of 262144

fklassen commented Aug 1, 2022

Closing as "Cannot reproduce"; however, I believe that whatever you are seeing may be fixed with #716.

fklassen commented Dec 29, 2022

Able to reproduce with #746 and to be fixed in 4.4.3. #678, commit 46cf964a
