tcpdump mailing list archives
Bug in print-ppp.c
From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 13 Jul 2004 15:04:43 +1000 (EST)
I've come across a packet that causes me to get a stack trace something like this:

#0  0x00000000 in ?? ()
#1  0x0807a0bd in handle_ctrl_proto (proto=32855, pptr=0x8195c82 "\001", length=14) at print-ppp.c:450
#2  0x0807be24 in handle_ppp (proto=32855, p=0x8195c82 "\001", length=14) at print-ppp.c:1143
#3  0x0807c072 in ppp_print (p=0x8195c82 "\001", length=14) at print-ppp.c:1229
#4  0x0805fd22 in gre_print_1 (bp=0x8195c80 "\200W\001", length=28) at print-gre.c:305
#5  0x0805f757 in gre_print (bp=0x8195c74 "0\001\210\v", length=28) at print-gre.c:108
#6  0x080634c2 in ip_print (bp=0x8195c60 "E", length=48) at print-ip.c:606
#7  0x08060307 in gtpv1u_print (bp=0x8195c60 "E", length=48) at print-gtp.c:323
#8  0x080919d6 in udp_print (bp=0x8195c4c "\bh\bh", length=60, bp2=0x8195c38 "E", fragmented=0) at print-udp.c:635
#9  0x080633b9 in ip_print (bp=0x8195c38 "E", length=88) at print-ip.c:539
#10 0x0805e062 in ether_encap_print (ether_type=2048, p=0x8195c38 "E", length=88, caplen=88, extracted_ether_type=0xbffff2d0) at print-ether.c:189
#11 0x0805de85 in ether_print (p=0x8195c38 "E", length=88, caplen=88) at print-ether.c:142
#12 0x0805def3 in ether_if_print (h=0xbffff340, p=0x8195c2a "") at print-ether.c:162
#13 0x08094fc9 in print_packet (user=0xbffff520 "ÖÞ\005\b", h=0xbffff340, sp=0x8195c2a "") at tcpdump.c:1188
#14 0x080a389a in pcap_offline_read ()
#15 0x0809b486 in pcap_loop ()
#16 0x08094b55 in main (argc=5, argv=0xbffff594) at tcpdump.c:997
#17 0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6

Somewhere around line 445, print-ppp.c has:

	default:
		/*
		 * This should never happen, but we set
		 * "pfunc" to squelch uninitialized
		 * variable warnings from compilers.
		 */
		pfunc = NULL;
		break;
	}

Adding a printout after the closing }, I see this for one packet:

pfunc (nil) tptr 0x8195c86 len 14 x 10 proto 0x8057 ptr 0x8195c82 length 14

We've come here from handle_ppp() which calls handle_ctrl_proto() for PPP_IPV6CP.
This patch (modulo white space) solves this problem for now.

*** print-ppp.c	8 Jul 2004 11:10:37 -0000	1.2
--- print-ppp.c	13 Jul 2004 05:01:15 -0000
***************
*** 447,452 ****
--- 447,454 ----
  			pfunc = NULL;
  			break;
  		}
+ 		if (pfunc == NULL)
+ 			break;
  		if ((j = (*pfunc)(tptr, len)) == 0)
  			break;
  		x -= j;

Darren

- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
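Review bot: the added `if (pfunc == NULL) break;` stops the call through a NULL pointer, but the comment in the default arm directly above it ("This should never happen, but we set "pfunc" to squelch uninitialized variable warnings") is now wrong, since the report shows the default arm is reached for real traffic (proto 0x8057) and NULL is now relied on as a deliberate "no handler" signal; update that comment to say an unrecognised code lands here and is skipped. Also, `break` appears to leave the loop that `x -= j;` advances, so every option after the unrecognised one goes unprinted; if the option's length is already known at that point, advancing past it and continuing would still decode the rest of the packet, which is more useful for a packet printer than stopping silently.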
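The crash above is the classic shape of a packet-parser bug: option type codes taken from the wire index a dispatch of function pointers, the default arm leaves the pointer NULL, and the caller invokes it anyway. The following is an added example, not tcpdump's code, of a small PPP-style control-protocol option walker that resolves the handler the same way and shows the guarded caller side. The option layout (one byte type, one byte length that includes the header, then data), the type codes OPT_MRU and OPT_MAGIC, the handler names and the sample bytes are all assumptions constructed for the example.

```c
/* Added example, not tcpdump's code: a PPP-style option walker that
 * dispatches on a wire-supplied type code and copes with the NULL
 * "no handler" case instead of calling through it.
 * Assumed wire layout: type (1 byte), length (1 byte, counts the
 * 2-byte header too), then data. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*opt_fn)(const uint8_t *opt, int len);

/* Hypothetical option codes. A handler returns the bytes it consumed,
 * or 0 to flag a malformed option body. */
#define OPT_MRU   1
#define OPT_MAGIC 5

static int print_mru(const uint8_t *opt, int len) {
    if (len != 4) return 0;
    printf("  MRU %u\n", (unsigned)((opt[2] << 8) | opt[3]));
    return len;
}

static int print_magic(const uint8_t *opt, int len) {
    if (len != 6) return 0;
    printf("  Magic 0x%02x%02x%02x%02x\n", opt[2], opt[3], opt[4], opt[5]);
    return len;
}

/* The dispatch step. As in the default arm from the report, an
 * unrecognised type yields NULL; the caller must never call it blindly. */
static opt_fn lookup_handler(uint8_t type) {
    switch (type) {
    case OPT_MRU:   return print_mru;
    case OPT_MAGIC: return print_magic;
    default:        return NULL;
    }
}

/* Walk x bytes of options at p. Returns the number of options visited
 * (known or unknown), or -1 if the buffer is truncated or an option is
 * malformed. An unknown type is reported and skipped by its own length
 * field so the options after it are still decoded. */
static int walk_options(const uint8_t *p, int x) {
    int count = 0;
    while (x > 0) {
        if (x < 2)                /* no room for a type/length header */
            return -1;
        uint8_t type = p[0];
        int len = p[1];
        if (len < 2 || len > x)   /* len < 2 would never advance; len > x overreads */
            return -1;
        opt_fn pfunc = lookup_handler(type);
        if (pfunc == NULL) {
            printf("  unknown option type %u, length %d (skipped)\n", type, len);
        } else if (pfunc(p, len) == 0) {
            return -1;            /* handler rejected the option body */
        }
        count++;
        p += len;
        x -= len;
    }
    return count;
}

/* Constructed sample: MRU 1500, an unknown type 0x7f, then a magic number. */
static const uint8_t sample_opts[] = {
    OPT_MRU,   4, 0x05, 0xdc,
    0x7f,      3, 0xaa,
    OPT_MAGIC, 6, 0xde, 0xad, 0xbe, 0xef,
};

/* Constructed malformed sample: the second option claims length 0. */
static const uint8_t bad_opts[] = { OPT_MRU, 4, 0x05, 0xdc, 0x7f, 0 };

int main(void) {
    printf("good buffer: %d options\n", walk_options(sample_opts, (int)sizeof sample_opts));
    printf("bad buffer: %d\n", walk_options(bad_opts, (int)sizeof bad_opts));
    return 0;
}
```

The two checks on `len` matter as much as the NULL check: a length below the header size would make the loop spin forever on the same option, and a length past the remaining bytes would read beyond the packet, which are the other two failure modes such a walker commonly has once the NULL dereference is gone.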
Current thread:
- Bug in print-ppp.c Darren Reed (Jul 12)
- Re: Bug in print-ppp.c Hannes Gredler (Jul 13)
- Re: Bug in print-ppp.c Romain Francoise (Jul 24)
- Re: Bug in print-ppp.c Darren Reed (Jul 25)
- Re: Bug in print-ppp.c Romain Francoise (Jul 25)
- Re: Bug in print-ppp.c Darren Reed (Jul 25)