[Bug] Reachable assertion in tcpedit_dlt_cleanup() at plugins/dlt_plugins.c #780

Open
Marsman1996 opened this issue Mar 1, 2023 · 1 comment · May be fixed by #781

@Marsman1996

Describe the bug
There is a reachable assertion in tcpedit_dlt_cleanup() when the user uses tcprewrite to open a crafted pcap file in DLT_JUNIPER_ETHER mode.

To Reproduce
Steps to reproduce the behavior:

  1. Get the Tcpreplay source code and compile it.
     $ ./configure
     $ make
  2. Run Command
     $ ./tcprewrite --dlt="jnpr_eth" -i $POC -o /dev/null
     The POC file could be downloaded here:
     POC file

Expected behavior
Program reports assertion failure and is terminated.

The GDB report:

$ gdb --args ./bin_normal/bin/tcprewrite --dlt="jnpr_eth" -i ./poc-tcprewrite-bcb107a-tcpedit_dlt_cleanup-assertion -o /dev/null

(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --dlt=jnpr_eth -i ./poc-tcprewrite-bcb107a-tcpedit_dlt_cleanup-assertion -o /dev/null
Warning: ./poc-tcprewrite-bcb107a-tcpedit_dlt_cleanup-assertion was captured using a snaplen of 96 bytes.  This may mean you have truncated packets.
tcprewrite: plugins/dlt_plugins.c:462: tcpedit_dlt_cleanup: Assertion `ctx' failed.

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7d6d859 in __GI_abort () at abort.c:79
#2  0x00007ffff7d6d729 in __assert_fail_base (fmt=0x7ffff7f03588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555555572ae6 "ctx", file=0x555555572ad0 "plugins/dlt_plugins.c", line=462, 
    function=<optimized out>) at assert.c:92
#3  0x00007ffff7d7ef36 in __GI___assert_fail (assertion=0x555555572ae6 "ctx", file=0x555555572ad0 "plugins/dlt_plugins.c", line=462, function=0x555555572fb0 <__PRETTY_FUNCTION__.7740> "tcpedit_dlt_cleanup")
    at assert.c:101
#4  0x000055555556156d in tcpedit_dlt_cleanup (ctx=0x0) at plugins/dlt_plugins.c:462
#5  0x0000555555569aca in dlt_jnpr_ether_cleanup (ctx=0x555555580090) at plugins/dlt_jnpr_ether/jnpr_ether.c:171
#6  0x000055555556158c in tcpedit_dlt_cleanup (ctx=0x555555580090) at plugins/dlt_plugins.c:466
#7  0x000055555555a763 in tcpedit_close (tcpedit_ex=0x55555557db60 <tcpedit>) at tcpedit.c:599
#8  0x0000555555558f02 in main (argc=0, argv=0x7fffffffde38) at tcprewrite.c:154

System (please complete the following information):

  • OS: Ubuntu
  • OS version: 20.04, 64 bit
  • Tcpreplay Version: master bcb107a
$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
@Marsman1996

This problem is because in dlt_jnpr_ether_cleanup(), the program does check the subctx before calling the tcpedit_dlt_cleanup().

#781 could fix this.
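
The backtrace above shows dlt_jnpr_ether_cleanup() handing a NULL context (ctx=0x0) to tcpedit_dlt_cleanup(), which asserts on it. The following is an added illustration of that pattern and of a guarded cleanup hook; it is not Tcpreplay code and not the patch in #781, and struct ctx, generic_cleanup(), the two plugin_cleanup_* hooks and cleanup_signal() are hypothetical names. It assumes a POSIX system, because the cleanup runs in a forked child so the abort can be observed.

```c
#undef NDEBUG                 /* keep assert() active, as in the reported build */
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical context: a plugin hook plus an optional nested context. */
struct ctx {
    void (*plugin_cleanup)(struct ctx *);
    struct ctx *subctx;       /* NULL when setup never created it */
};

/* Generic cleanup that treats a NULL context as a programming error. */
static void generic_cleanup(struct ctx *c) {
    assert(c);
    if (c->plugin_cleanup) c->plugin_cleanup(c);
    free(c);
}

/* Unguarded hook: forwards subctx even when it is NULL. */
static void plugin_cleanup_unguarded(struct ctx *c) { generic_cleanup(c->subctx); }
/* Guarded hook: only cleans up a nested context that exists. */
static void plugin_cleanup_guarded(struct ctx *c) {
    if (c->subctx != NULL) generic_cleanup(c->subctx);
}

/* Run the cleanup in a child process; return its terminating signal or 0. */
static int cleanup_signal(void (*hook)(struct ctx *), int with_subctx) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        struct ctx *c = calloc(1, sizeof *c);
        if (c == NULL) _exit(2);
        c->plugin_cleanup = hook;
        if (with_subctx) c->subctx = calloc(1, sizeof *c);
        generic_cleanup(c);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    printf("unguarded: signal %d\n", cleanup_signal(plugin_cleanup_unguarded, 0));
    printf("guarded:   signal %d\n", cleanup_signal(plugin_cleanup_guarded, 0));
    return 0;
}
```

The unguarded hook only aborts when the nested context is missing, which is why the failure shows up at close time rather than while packets are being processed.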
