stack-buffer-overflow in tcpcapinfo #405

Closed · gy741 opened this issue Jun 10, 2017 · 11 comments

gy741 (Contributor) commented Jun 10, 2017

Hi.

I found a crash in tcpcapinfo.

Please confirm.

PoC: Download

Thanks.

OS: Ubuntu 16.04.2 32bit
To reproduce: ./tcpcapinfo poc
tcpcapinfo version: 4.2.6 (build git:v4.2.6-4-g54da347)
Copyright 2000-2010 by Aaron Turner
The entire Tcpreplay Suite is licensed under the GPLv3

Valgrind information:

file size   = 18767 bytes
magic       = 0x85b2c3d4 (unknown)
version     = 2.4
thiszone    = 0x91919100
sigfigs     = 0x91919191
snaplen     = 2442236305
linktype    = 0x00040091
Packet	OrigLen		Caplen		Timestamp	Csum	Note
1	   0		  96		0.a1b2c3d4	1c838	OK
2	   0		   0		0.0	0	OK
[rows 3 to 181 condensed: every row reads 0  0  0.0  0  OK, the same as row 2]
182	   0		   0		21.0	0	OK
183	262144		   0		0.0	0	OK
184	   0		   0		0.0	0	OK
[rows 185 to 219 condensed: every row reads 0  0  0.0  0  OK, the same as row 184]
==2408== Syscall param read(buf) points to unaddressable byte(s)
==2408==    at 0x41479A3: __read_nocancel (syscall-template.S:84)
==2408==    by 0x8049813: main (in /home/gwanyeong/tcpreplay/src/tcpcapinfo)
==2408==  Address 0xbe95e000 is not stack'd, malloc'd or (recently) free'd
==2408== 
220	   0		65535		0.ffff0000File truncated!  Unable to jump to next packet.
==2408== 
==2408== HEAP SUMMARY:
==2408==     in use at exit: 0 bytes in 0 blocks
==2408==   total heap usage: 9 allocs, 9 frees, 263,392 bytes allocated
==2408== 
==2408== All heap blocks were freed -- no leaks are possible
==2408== 
==2408== For counts of detected and suppressed errors, rerun with: -v
==2408== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

ASan information:

file size   = 18767 bytes
magic       = 0x85b2c3d4 (unknown)
version     = 2.4
thiszone    = 0x91919100
sigfigs     = 0x91919191
snaplen     = 2442236305
linktype    = 0x00040091
Packet	OrigLen		Caplen		Timestamp	Csum	Note
1	   0		  96		0.a1b2c3d4	1c838	OK
2	   0		   0		0.0	0	OK
[rows 3 to 181 condensed: every row reads 0  0  0.0  0  OK, the same as row 2]
182	   0		   0		21.0	0	OK
183	262144		   0		0.0	0	OK
184	   0		   0		0.0	0	OK
[rows 185 to 219 condensed: every row reads 0  0  0.0  0  OK, the same as row 184]
==2451==ERROR: AddressSanitizer: stack-buffer-overflow on address 0xbfb890b0 at pc 0xb71f453d bp 0xbfb86798 sp 0xbfb8636c
WRITE of size 15127 at 0xbfb890b0 thread T0
ASAN:SIGSEGV
==2451==AddressSanitizer: while reporting a bug found another one. Ignoring.

fklassen (Member) commented:

I see a different error. My error suggests (correctly) that the file has ended abruptly.

What is the output of tcpcapinfo -V? What is your platform?

❯❯ z tcpre
~/g/tcpreplay ❯❯❯ src/tcpcapinfo ~/Downloads/poc
file size   = 18767 bytes
magic       = 0x85b2c3d4 (unknown)
version     = 2.4
thiszone    = 0x91919100
sigfigs     = 0x91919191
snaplen     = 2442236305
linktype    = 0x00040091
Packet	OrigLen		Caplen		Timestamp	Csum	Note
1	   0		  96		0.a1b2c3d4	1c838	OK
2	   0		   0		0.0	0	OK
[rows 3 to 181 condensed: every row reads 0  0  0.0  0  OK, the same as row 2]
182	   0		   0		21.0	0	OK
183	262144		   0		0.0	0	OK
184	   0		   0		0.0	0	OK
[rows 185 to 219 condensed: every row reads 0  0  0.0  0  OK, the same as row 184]
220	   0		65535		0.ffff0000File truncated!  Unable to jump to next packet.

gy741 (Contributor, author) commented Jun 10, 2017

Did you build with ASan?

There is no output in a non-ASan build.

OS: Ubuntu 16.04.2 32bit
tcpcapinfo version: 4.2.6 (build git:v4.2.6-4-g54da347)
Copyright 2000-2010 by Aaron Turner
The entire Tcpreplay Suite is licensed under the GPLv3

fklassen (Member) commented:

@gy741 pardon my ignorance. What is Asan?

gy741 (Contributor, author) commented Jun 10, 2017

AddressSanitizer (aka ASan) is a memory error detector for C/C++.

You can enable an ASan build by installing clang and enabling the "-fsanitize=address" option.

My compile command: CFLAGS="-fsanitize=address -ggdb3" CXXFLAGS="-fsanitize=address -ggdb3" LDFLAGS="-fsanitize=address -ggdb3" ./configure --disable-local-libopts --disable-libopts-install && make

Reference: https://github.com/google/sanitizers/wiki/AddressSanitizer

Thanks.

fklassen (Member) commented:

Thanks for the insight. I think I can use that in other projects. I have found lots of issues with clang static code analysis. I'm sure I'll find more with ASan.

It will take some work to get this to work in my dev environment. I am on Debian 7 and have to add CC=clang to your command.

$ CC=clang CFLAGS="-fsanitize=address -ggdb3" CXXFLAGS="-fsanitize=address -ggdb3" LDFLAGS="-fsanitize=address -ggdb3" ./configure --disable-local-libopts --disable-libopts-install && make V=1

...

clang -DHAVE_CONFIG_H -I.     -I..  -I/usr/include -DTCPREPLAY -D_U_="__attribute__((unused))" -Wall -std=gnu99 -fsanitize=address -ggdb3  -Wno-variadic-macros -Wfatal-errors  -I/usr/include -I/usr/local/src/netmap/sys -MT tcpreplay-replay.o -MD -MP -MF .deps/tcpreplay-replay.Tpo -c -o tcpreplay-replay.o `test -f 'replay.c' || echo './'`replay.c
mv -f .deps/tcpreplay-replay.Tpo .deps/tcpreplay-replay.Po
/bin/bash ../libtool  --tag=CC   --mode=link clang  -I..  -I/usr/include -DTCPREPLAY -D_U_="__attribute__((unused))" -Wall -std=gnu99 -fsanitize=address -ggdb3  -Wno-variadic-macros -Wfatal-errors  -I/usr/include -I/usr/local/src/netmap/sys  -fsanitize=address -ggdb3 -o tcpreplay tcpreplay-tcpreplay_opts.o tcpreplay-send_packets.o tcpreplay-signal_handler.o tcpreplay-tcpreplay.o tcpreplay-tcpreplay_api.o tcpreplay-replay.o ./common/libcommon.a ../lib/libstrl.a -L/usr/lib/x86_64-linux-gnu -lpcap -lnl-genl-3 -lnl-3 -ldbus-1 -L/usr/lib -ldumbnet -lopts -lrt -lnsl 
libtool: link: clang -I.. -I/usr/include -DTCPREPLAY "-D_U_=__attribute__((unused))" -Wall -std=gnu99 -fsanitize=address -ggdb3 -Wno-variadic-macros -Wfatal-errors -I/usr/include -I/usr/local/src/netmap/sys -fsanitize=address -ggdb3 -o tcpreplay tcpreplay-tcpreplay_opts.o tcpreplay-send_packets.o tcpreplay-signal_handler.o tcpreplay-tcpreplay.o tcpreplay-tcpreplay_api.o tcpreplay-replay.o  ./common/libcommon.a ../lib/libstrl.a -L/usr/lib/x86_64-linux-gnu -lpcap -lnl-genl-3 -lnl-3 -ldbus-1 -L/usr/lib /usr/lib/libdumbnet.so -lopts -lrt -lnsl
./common/libcommon.a(utils.o): In function `_our_safe_malloc':
/home/fklassen/git/tcpreplay/src/common/utils.c:46: undefined reference to `rpl_malloc'
./common/libcommon.a(utils.o): In function `_our_safe_realloc':
/home/fklassen/git/tcpreplay/src/common/utils.c:71: undefined reference to `rpl_realloc'
./common/libcommon.a(utils.o): In function `_our_safe_strdup':
/home/fklassen/git/tcpreplay/src/common/utils.c:90: undefined reference to `rpl_malloc'
./common/libcommon.a(flows.o): In function `hash_add_entry':
/home/fklassen/git/tcpreplay/src/common/flows.c:93: undefined reference to `rpl_malloc'
clang: fatal error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:677: recipe for target 'tcpreplay' failed
make[3]: *** [tcpreplay] Error 1
make[3]: Leaving directory '/home/fklassen/git/tcpreplay/src'
Makefile:1147: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/fklassen/git/tcpreplay/src'
Makefile:559: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/home/fklassen/git/tcpreplay/src'
Makefile:437: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
$ uname -a
Linux jessie-fk 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) x86_64 GNU/Linux

@fklassen fklassen self-assigned this Jun 10, 2017
gy741 (Contributor, author) commented Jun 10, 2017

Security researchers are using ASan a lot.

The tcpreplay tool is a great tool.

Please let me know if PoC reproduction fails.

I will provide you with a virtual machine.

Thanks.

attritionorg commented Jun 12, 2017

This looks very similar to #278 but that was patched. Wondering if it is the same issue but the previous patch was incomplete?

fklassen (Member) commented:

@attritionorg thanks. Reopening #278

@fklassen fklassen removed the 4.0.4 label Jun 12, 2017
cbiedl commented Jun 12, 2017

Please consider an additional size check as below. It avoids the crash and also several more found by afl. Also, please make the buffer size a constant.

--- a/src/tcpcapinfo.c
+++ b/src/tcpcapinfo.c
@@ -306,6 +306,14 @@
                 last_usec = pcap_ph.ts.tv_usec;
             }
 
+            if (caplen > 10000) {
+                printf("\n\nCapture file appears to be damaged or corrupt.\n"
+                        "Contains packet of size %u, bigger than buffer length %u\n",
+                        caplen, 10000);
+                close(fd);
+                break;
+            }
+
             /* read the frame */
             if ((ret = read(fd, &buf, caplen)) != caplen) {
                 if (ret < 0) {
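Review bot: the bound in `if (caplen > 10000)` and the `%u` argument of the message repeat the literal 10000 instead of the size of the buffer that `read(fd, &buf, caplen)` fills, so the check can silently drift if `buf` is ever resized; as the comment itself suggests, make it one named constant used for both the declaration and this comparison, or write it as `if (caplen > sizeof(buf))` and print `sizeof(buf)`. The placement is right: the check runs before the `read()` and bounds on the destination buffer rather than on the file header's snaplen, which in this report is 2442236305 and so is no bound at all.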

Cheers,
Christoph

fklassen (Member) commented:

@cbiedl thanks. I'll try it out this weekend.

@fklassen fklassen added this to To Do in 4.3 Jan 7, 2018
fklassen added three commits that referenced this issue Jan 20, 2018
@fklassen fklassen moved this from To Do to In progress in 4.3 Jan 20, 2018
fklassen (Member) commented:

Fixed in #442

4.3 automation moved this from In progress to Done Jan 20, 2018