Describe the bug
There is a NULL Pointer Dereference in read_hexstring() when the user passes empty user dlink string to tcprewrite with option --user-dlink when the program process the pcap file whose data link type is DLT_USER0.
To Reproduce
Steps to reproduce the behavior:
Get the Tcpreplay source code and compile it.
$ ./configure
$ make
Run Command $ ./tcprewrite --user-dlink="" -i $POC -o /dev/null
The POC file could be downloaded in POC file
Expected behavior
Program crashes with Segmentation fault.
The GDB report is:
$ gdb --args ./bin_normal/bin/tcprewrite --user-dlink="" -i ./poc-tcprewrite-bcb107a-read_hexstring-SEGV -o /dev/null
(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --user-dlink= -i ./poc-tcprewrite-bcb107a-read_hexstring-SEGV -o /dev/null
Program received signal SIGSEGV, Segmentation fault.
__rawmemchr_avx2 () at ../sysdeps/x86_64/multiarch/memchr-avx2.S:65
65 ../sysdeps/x86_64/multiarch/memchr-avx2.S: No such file or directory.
(gdb) bt
#0 __rawmemchr_avx2 () at ../sysdeps/x86_64/multiarch/memchr-avx2.S:65
#1 0x00007ffff7dddf36 in _IO_str_init_static_internal (sf=sf@entry=0x7fffffffbe30, ptr=ptr@entry=0x0, size=size@entry=0, pstart=pstart@entry=0x0) at strops.c:41
#2 0x00007ffff7dad4c3 in _IO_strfile_read (string=0x0, sf=0x7fffffffbe30) at ../libio/strfile.h:95
#3 __GI___isoc99_sscanf (s=0x0, format=0x555555576598 "%x") at isoc99_sscanf.c:28
#4 0x000055555556e7cf in read_hexstring (l2string=0x55555557e2a0 "", hex=0x555555581367 "", hexlen=255) at utils.c:309
#5 0x00005555555656ae in dlt_user_parse_opts (ctx=0x555555580890) at plugins/dlt_user/user.c:194
#6 0x000055555556169c in tcpedit_dlt_parse_opts (ctx=0x555555580890) at plugins/dlt_utils.c:39
#7 0x0000555555560ca5 in tcpedit_dlt_post_args (tcpedit=0x55555557ffe0) at plugins/dlt_plugins.c:210
#8 0x000055555555b575 in tcpedit_post_args (tcpedit=0x55555557ffe0) at parse_args.c:252
#9 0x0000555555558c23 in main (argc=0, argv=0x7fffffffc2e8) at tcprewrite.c:89
System (please complete the following information):
$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
The text was updated successfully, but these errors were encountered:
Describe the bug
There is a NULL Pointer Dereference in
read_hexstring()when the user passes empty user dlink string totcprewritewith option--user-dlinkwhen the program process the pcap file whose data link type is DLT_USER0.To Reproduce
Steps to reproduce the behavior:
$ ./tcprewrite --user-dlink="" -i $POC -o /dev/nullThe POC file could be downloaded in POC file
Expected behavior
Program crashes with Segmentation fault.
The GDB report is:
System (please complete the following information):
The text was updated successfully, but these errors were encountered: