Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] NULL Pointer Dereference in parse_endpoints() at cidr.c:367 #785

Open
Marsman1996 opened this issue Mar 1, 2023 · 0 comments
Open

Comments

@Marsman1996
Copy link

Describe the bug
There is a NULL Pointer Dereference in parse_endpoints() when the user passes empty endpoints string to tcprewrite with option --endpoints.

To Reproduce
Steps to reproduce the behavior:

  1. Get the Tcpreplay source code and compile it.
$ ./configure
$ make
  1. Generate cache file $ ./tcpprep --port --pcap=./test.pcap --cachefile=./test.cache
    The file test.pcap is from tcpreplay codebase, which is located in test/test.pcap.
  2. Run Command $ ./tcprewrite --endpoints="" -i ./test.pcap -o /dev/null --cachefile=./test.cache

Expected behavior
Program crashes with Segmentation fault.

The GDB report is:

$ gdb --args ./bin_normal/bin/tcprewrite --endpoints="" -i ./code/test/test.pcap -o /dev/null --cachefile=./test.cache

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./bin_normal/bin/tcprewrite...
(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --endpoints= -i ./code/test/test.pcap -o /dev/null --cachefile=./test.cache

Program received signal SIGSEGV, Segmentation fault.
0x000055555556fde2 in strlcat (dst=0x7fffffffc0aa "", src=0x0, dsize=92) at strlcat.c:45
45              while (*src != '\0') {
(gdb) bt
#0  0x000055555556fde2 in strlcat (dst=0x7fffffffc0aa "", src=0x0, dsize=92) at strlcat.c:45
#1  0x000055555556b6f0 in parse_endpoints (cidrmap1=0x555555580850, cidrmap2=0x555555580858, optarg=0x7fffffffc654 "") at cidr.c:367
#2  0x000055555555b51c in tcpedit_post_args (tcpedit=0x55555557fff0) at parse_args.c:243
#3  0x0000555555558c23 in main (argc=0, argv=0x7fffffffc2f0) at tcprewrite.c:89

System (please complete the following information):

  • OS: Ubuntu
  • OS version: 20.04, 64 bit
  • Tcpreplay Version: master bcb107a
$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant