[Bug] NULL Pointer Dereference in read_hexstring() at utils.c:309

[Marsman1996]

Describe the bug
There is a NULL Pointer Dereference in read_hexstring() when the user passes empty user dlink string to tcprewrite with option --user-dlink when the program process the pcap file whose data link type is DLT_USER0.

To Reproduce
Steps to reproduce the behavior:

1. Get the Tcpreplay source code and compile it.

$ ./configure
$ make

2. Run Command $ ./tcprewrite --user-dlink="" -i $POC -o /dev/null
   The POC file could be downloaded in POC file

Expected behavior
Program crashes with Segmentation fault.

The GDB report is:

$ gdb --args ./bin_normal/bin/tcprewrite --user-dlink="" -i ./poc-tcprewrite-bcb107a-read_hexstring-SEGV -o /dev/null

(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --user-dlink= -i ./poc-tcprewrite-bcb107a-read_hexstring-SEGV -o /dev/null

Program received signal SIGSEGV, Segmentation fault.
__rawmemchr_avx2 () at ../sysdeps/x86_64/multiarch/memchr-avx2.S:65
65      ../sysdeps/x86_64/multiarch/memchr-avx2.S: No such file or directory.
(gdb) bt
#0  __rawmemchr_avx2 () at ../sysdeps/x86_64/multiarch/memchr-avx2.S:65
#1  0x00007ffff7dddf36 in _IO_str_init_static_internal (sf=sf@entry=0x7fffffffbe30, ptr=ptr@entry=0x0, size=size@entry=0, pstart=pstart@entry=0x0) at strops.c:41
#2  0x00007ffff7dad4c3 in _IO_strfile_read (string=0x0, sf=0x7fffffffbe30) at ../libio/strfile.h:95
#3  __GI___isoc99_sscanf (s=0x0, format=0x555555576598 "%x") at isoc99_sscanf.c:28
#4  0x000055555556e7cf in read_hexstring (l2string=0x55555557e2a0 "", hex=0x555555581367 "", hexlen=255) at utils.c:309
#5  0x00005555555656ae in dlt_user_parse_opts (ctx=0x555555580890) at plugins/dlt_user/user.c:194
#6  0x000055555556169c in tcpedit_dlt_parse_opts (ctx=0x555555580890) at plugins/dlt_utils.c:39
#7  0x0000555555560ca5 in tcpedit_dlt_post_args (tcpedit=0x55555557ffe0) at plugins/dlt_plugins.c:210
#8  0x000055555555b575 in tcpedit_post_args (tcpedit=0x55555557ffe0) at parse_args.c:252
#9  0x0000555555558c23 in main (argc=0, argv=0x7fffffffc2e8) at tcprewrite.c:89

System (please complete the following information):

• OS: Ubuntu
• OS version: 20.04, 64 bit
• Tcpreplay Version: master bcb107a

$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled

[fklassen]

Fixed in PR #783. Documented in PR #801.