Describe the bug
There is a NULL Pointer Dereference in parse_endpoints() when the user passes empty endpoints string to tcprewrite with option --endpoints.
To Reproduce
Steps to reproduce the behavior:
Get the Tcpreplay source code and compile it.
$ ./configure
$ make
Generate cache file $ ./tcpprep --port --pcap=./test.pcap --cachefile=./test.cache
The file test.pcap is from tcpreplay codebase, which is located in test/test.pcap.
Run Command $ ./tcprewrite --endpoints="" -i ./test.pcap -o /dev/null --cachefile=./test.cache
Expected behavior
Program crashes with Segmentation fault.
The GDB report is:
$ gdb --args ./bin_normal/bin/tcprewrite --endpoints="" -i ./code/test/test.pcap -o /dev/null --cachefile=./test.cache
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./bin_normal/bin/tcprewrite...
(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --endpoints= -i ./code/test/test.pcap -o /dev/null --cachefile=./test.cache
Program received signal SIGSEGV, Segmentation fault.
0x000055555556fde2 in strlcat (dst=0x7fffffffc0aa "", src=0x0, dsize=92) at strlcat.c:45
45 while (*src != '\0') {
(gdb) bt
#0 0x000055555556fde2 in strlcat (dst=0x7fffffffc0aa "", src=0x0, dsize=92) at strlcat.c:45
#1 0x000055555556b6f0 in parse_endpoints (cidrmap1=0x555555580850, cidrmap2=0x555555580858, optarg=0x7fffffffc654 "") at cidr.c:367
#2 0x000055555555b51c in tcpedit_post_args (tcpedit=0x55555557fff0) at parse_args.c:243
#3 0x0000555555558c23 in main (argc=0, argv=0x7fffffffc2f0) at tcprewrite.c:89
System (please complete the following information):
$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
The text was updated successfully, but these errors were encountered:
Describe the bug
There is a NULL Pointer Dereference in
parse_endpoints()when the user passes empty endpoints string totcprewritewith option--endpoints.To Reproduce
Steps to reproduce the behavior:
$ ./tcpprep --port --pcap=./test.pcap --cachefile=./test.cacheThe file
test.pcapis from tcpreplay codebase, which is located intest/test.pcap.$ ./tcprewrite --endpoints="" -i ./test.pcap -o /dev/null --cachefile=./test.cacheExpected behavior
Program crashes with Segmentation fault.
The GDB report is:
System (please complete the following information):
The text was updated successfully, but these errors were encountered: