You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
There is a NULL Pointer Dereference in read_hexstring() when the user passes empty user dlink string to tcprewrite with option --user-dlink when the program process the pcap file whose data link type is DLT_USER0.
To Reproduce
Steps to reproduce the behavior:
Get the Tcpreplay source code and compile it.
$ ./configure
$ make
Run Command $ ./tcprewrite --user-dlink="" -i $POC -o /dev/null
The POC file could be downloaded in POC file
Expected behavior
Program crashes with Segmentation fault.
The GDB report is:
$ gdb --args ./bin_normal/bin/tcprewrite --user-dlink="" -i ./poc-tcprewrite-bcb107a-read_hexstring-SEGV -o /dev/null
(gdb) r
Starting program: /home/ubuntu178/cvelibf/test/tcpreplay/latest/bin_normal/bin/tcprewrite --user-dlink= -i ./poc-tcprewrite-bcb107a-read_hexstring-SEGV -o /dev/null
Program received signal SIGSEGV, Segmentation fault.
__rawmemchr_avx2 () at ../sysdeps/x86_64/multiarch/memchr-avx2.S:65
65 ../sysdeps/x86_64/multiarch/memchr-avx2.S: No such file or directory.
(gdb) bt
#0 __rawmemchr_avx2 () at ../sysdeps/x86_64/multiarch/memchr-avx2.S:65
#1 0x00007ffff7dddf36 in _IO_str_init_static_internal (sf=sf@entry=0x7fffffffbe30, ptr=ptr@entry=0x0, size=size@entry=0, pstart=pstart@entry=0x0) at strops.c:41
#2 0x00007ffff7dad4c3 in _IO_strfile_read (string=0x0, sf=0x7fffffffbe30) at ../libio/strfile.h:95
#3 __GI___isoc99_sscanf (s=0x0, format=0x555555576598 "%x") at isoc99_sscanf.c:28
#4 0x000055555556e7cf in read_hexstring (l2string=0x55555557e2a0 "", hex=0x555555581367 "", hexlen=255) at utils.c:309
#5 0x00005555555656ae in dlt_user_parse_opts (ctx=0x555555580890) at plugins/dlt_user/user.c:194
#6 0x000055555556169c in tcpedit_dlt_parse_opts (ctx=0x555555580890) at plugins/dlt_utils.c:39
#7 0x0000555555560ca5 in tcpedit_dlt_post_args (tcpedit=0x55555557ffe0) at plugins/dlt_plugins.c:210
#8 0x000055555555b575 in tcpedit_post_args (tcpedit=0x55555557ffe0) at parse_args.c:252
#9 0x0000555555558c23 in main (argc=0, argv=0x7fffffffc2e8) at tcprewrite.c:89
System (please complete the following information):
$ ./bin_normal/bin/tcprewrite -V
tcprewrite version: 4.4.3 (build git:v4.4.3)
Copyright 2013-2022 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.9.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled
The text was updated successfully, but these errors were encountered:
Describe the bug
There is a NULL Pointer Dereference in
read_hexstring()
when the user passes empty user dlink string totcprewrite
with option--user-dlink
when the program process the pcap file whose data link type is DLT_USER0.To Reproduce
Steps to reproduce the behavior:
$ ./tcprewrite --user-dlink="" -i $POC -o /dev/null
The POC file could be downloaded in POC file
Expected behavior
Program crashes with Segmentation fault.
The GDB report is:
System (please complete the following information):
The text was updated successfully, but these errors were encountered: