Describe the bug
There is a reachable assertion in tcpedit_dlt_cleanup() when when the user uses tcprewrite to open a crafted pcap file in DLT_JUNIPER_ETHER mode.
To Reproduce
Steps to reproduce the behavior:
Get the Tcpreplay source code and compile it.
$ ./configure
$ make
Run Command $ ./tcprewrite --dlt="jnpr_eth" -i $POC -o /dev/null
The POC file could be downloaded here: POC file
Expected behavior
Program reports assertion failure and is terminated.
The GDB report:
$ gdb --args ./bin_normal/bin/tcprewrite --dlt="jnpr_eth" -i ./poc-tcprewrite-bcb107a-tcpedit_dlt_cleanup-assertion -o /dev/null
(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --dlt=jnpr_eth -i ./poc-tcprewrite-bcb107a-tcpedit_dlt_cleanup-assertion -o /dev/null
Warning: ./poc-tcprewrite-bcb107a-tcpedit_dlt_cleanup-assertion was captured using a snaplen of 96 bytes. This may mean you have truncated packets.
tcprewrite: plugins/dlt_plugins.c:462: tcpedit_dlt_cleanup: Assertion `ctx' failed.
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7d6d859 in __GI_abort () at abort.c:79
#2 0x00007ffff7d6d729 in __assert_fail_base (fmt=0x7ffff7f03588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555555572ae6 "ctx", file=0x555555572ad0 "plugins/dlt_plugins.c", line=462,
function=<optimized out>) at assert.c:92
#3 0x00007ffff7d7ef36 in __GI___assert_fail (assertion=0x555555572ae6 "ctx", file=0x555555572ad0 "plugins/dlt_plugins.c", line=462, function=0x555555572fb0 <__PRETTY_FUNCTION__.7740> "tcpedit_dlt_cleanup")
at assert.c:101
#4 0x000055555556156d in tcpedit_dlt_cleanup (ctx=0x0) at plugins/dlt_plugins.c:462
#5 0x0000555555569aca in dlt_jnpr_ether_cleanup (ctx=0x555555580090) at plugins/dlt_jnpr_ether/jnpr_ether.c:171
#6 0x000055555556158c in tcpedit_dlt_cleanup (ctx=0x555555580090) at plugins/dlt_plugins.c:466
#7 0x000055555555a763 in tcpedit_close (tcpedit_ex=0x55555557db60 <tcpedit>) at tcpedit.c:599
#8 0x0000555555558f02 in main (argc=0, argv=0x7fffffffde38) at tcprewrite.c:154
System (please complete the following information):
$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
The text was updated successfully, but these errors were encountered:
Describe the bug
There is a reachable assertion in
tcpedit_dlt_cleanup()when when the user usestcprewriteto open a crafted pcap file inDLT_JUNIPER_ETHERmode.To Reproduce
Steps to reproduce the behavior:
$ ./tcprewrite --dlt="jnpr_eth" -i $POC -o /dev/nullThe POC file could be downloaded here:
POC file
Expected behavior
Program reports assertion failure and is terminated.
The GDB report:
System (please complete the following information):
The text was updated successfully, but these errors were encountered: