Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zero block in IPv6 route prefix misinterpreted #359

Closed
0xb35c opened this issue Nov 23, 2016 · 8 comments
Closed

Zero block in IPv6 route prefix misinterpreted #359

0xb35c opened this issue Nov 23, 2016 · 8 comments
Assignees
@guedou

Comments

@0xb35c
Copy link
Contributor

0xb35c commented Nov 23, 2016

Hi,
if you have a zero block in one of your route prefixes scapy will die with a "Illegal syntax for IP address" exception.

$ route -6n
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
fd00:2001:0:c020::/64          ::                         U    600 1     3 wlp4s0

In arch/linux.py:263 the route is read and d is set to fd0020010000c0200000000000000000.
This parsed in the function inet_pton from pton_ntop.py and incorrectly truncated to fd00:2001::c020:: (the correct value for that example would be fd00:2001:0:c020::), which again is validated from the same function at a later point and causes the exception.

I installed scapy in a virtualenv and with pacman. Running sudo scapy and from scapy.all import * in ipython causes the exception.
@0xb35c
Copy link
Contributor Author

0xb35c commented Nov 23, 2016
edited
Loading

Actually it seems that the return value from inet_pton from pton_ntop.py is fed into inet_ntop, which causes the issue.

@guedou
Copy link
Member

guedou commented Nov 23, 2016

For sure fd00:2001::c020:: is a weird IPv6 address ! On Linux, Scapy uses the output of /proc/net/ipv6_route. Would you mind sharing it with us ? This will help us mock and debug the issue easily.

Thanks.

@guedou guedou assigned p-l- and guedou and unassigned p-l- Nov 23, 2016
@guedou
Copy link
Member

guedou commented Nov 23, 2016

@p-l- that's a nasty nasty bug =)

@0xb35c
Copy link
Contributor Author

0xb35c commented Nov 24, 2016

Hi,
here it is:

fd0020010000c0200000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000258 00000000 00000000 00000001   wlp4s0
fe800000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000258 00000000 00000000 00000001   wlp4s0
fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000000 00000000 00000001 vboxnet0
fe800000000000000000000000000000 40 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000000 00000000 00000001   wlp4s0
00000000000000000000000000000000 00 00000000000000000000000000000000 00 fe800000000000000000000000000001 00000258 00000002 00000004 00000003   wlp4s0
00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00007031 00200200       lo
00000000000000000000000000000001 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000005 00000121 80200001       lo
fd0020010000c020d9f1952d72aa052d 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000001 00000000 80200001       lo
fe80000000000000080027fffe000000 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000005 00000011 80200001       lo
fe800000000000000ed67a68be4e52f2 80 00000000000000000000000000000000 00 00000000000000000000000000000000 00000000 00000002 00000001 80200001       lo
ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000004 00000060 00000001 vboxnet0
ff000000000000000000000000000000 08 00000000000000000000000000000000 00 00000000000000000000000000000000 00000100 00000004 0000001b 00000001   wlp4s0
00000000000000000000000000000000 00 00000000000000000000000000000000 00 00000000000000000000000000000000 ffffffff 00000001 00007031 00200200       lo

The issue here is the first line though.

@guedou
Copy link
Member

guedou commented Nov 24, 2016

Thanks a lot. I was able to reproduce the issue.

@guedou guedou mentioned this issue Nov 24, 2016
Merged
@guedou
Copy link
Member

guedou commented Dec 14, 2016

@0xb35c I can confirm that PR #363 was not a correct fix for Windows. Will you mind submitting your fix that use regexp ?

@0xb35c
Copy link
Contributor Author

0xb35c commented Dec 15, 2016

@guedou I will do so. I need to find some time to create a according PR.

0xb35c pushed a commit to 0xb35c/scapy that referenced this issue Dec 15, 2016
Fix issue secdev#359: properly handle ipv6 adresses with multiple zer…
3048862 
…o blocks
@0xb35c 0xb35c mentioned this issue Dec 15, 2016
Closed
@0xb35c 0xb35c mentioned this issue Dec 31, 2016
Merged
0xb35c pushed a commit to 0xb35c/scapy that referenced this issue Jan 10, 2017
Fix issue secdev#359
f25f641 
Handle ipv6 addresses according to RFC 5952
Add regression tests
p-l- pushed a commit that referenced this issue Jan 18, 2017
@0xb35c @p-l-
Fix issue #359: Bin to str conversion of IPv6 addresses (#431)
fcb62e7
@0xb35c
Copy link
Contributor Author

0xb35c commented Jan 20, 2017

Fixed by PR #431 / fcb62e7

@0xb35c 0xb35c closed this as completed Jan 20, 2017
@jipanyang jipanyang mentioned this issue Apr 3, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@guedou guedou

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@p-l- @0xb35c @guedou