Hi Nikos,

   Your patch resolved the issue. Many Thanks.

Sincerely,

Michael Zervakis



-----Original Message-----
From: Nikos Balkanas [mailto:[email protected]]
Sent: Sunday, September 20, 2009 12:12 PM
To: Michael Zervakis; [email protected]
Subject: Re: Bearerbox Panic after receiving CIFS/SMB request at smsbox-port



Hi Michael,

This is a simple patch that should fix it. Please test.

BR,
Nikos

----- Original Message -----
From: "Michael Zervakis" <[email protected]>
To: <[email protected]>
Sent: Friday, September 18, 2009 6:00 PM
Subject: Bearerbox Panic after receiving CIFS/SMB request at smsbox-port





> Dear all,
>
> During testing of Bearerbox using version cvs-20090506 I found that if
> smsbox socket receives a CIFS/SMB request bearerbox panics. This means
> that a malicious user could easily crash bearerbox simply by scanning the
> host (for example via nmap -sV).
>
> 2009-09-18 17:09:18 [2002] [5] DEBUG: Started thread 30 (gw/bb_boxc.c:function)
> 2009-09-18 17:09:18 [2002] [30] PANIC: Internal error: unknown message type: -11317950
> 2009-09-18 17:09:18 [2002] [30] PANIC: ./bearerbox(gw_panic+0xbc) [0x80d8fcc]
> 2009-09-18 17:09:18 [2002] [30] PANIC: ./bearerbox(msg_unpack_real+0x78) [0x8065c88]
> 2009-09-18 17:09:18 [2002] [30] PANIC: ./bearerbox [0x8057e50]
> 2009-09-18 17:09:18 [2002] [30] PANIC: ./bearerbox [0x80596b9]
> 2009-09-18 17:09:18 [2002] [30] PANIC: ./bearerbox [0x80cfafd]
> 2009-09-18 17:09:18 [2002] [30] PANIC: /lib/libpthread.so.0 [0xb7faa1b5]
> 2009-09-18 17:09:18 [2002] [30] PANIC: /lib/libc.so.6(clone+0x5e) [0xb7abd3be]
>
> addr2line -e /usr/gateway/sbin/bearerbox 0x80d8fcc 0x8065c88 0x8057e50 0x80596b9 0x80cfafd 0xb7faa1b5 0xb7abd3be
> /usr/src/packages/SOURCES/gateway/gwlib/log.c:542
> /usr/src/packages/SOURCES/gateway/gw/msg.c:245
> /usr/src/packages/SOURCES/gateway/gw/bb_boxc.c:199
> /usr/src/packages/SOURCES/gateway/gw/bb_boxc.c:656
> /usr/src/packages/SOURCES/gateway/gwlib/gwthread-pthread.c:135
> ??:0
> ??:0
>
> Tcpdump
> 17:09:18.100983 IP 10.12.0.50.29000 > 172.31.1.48.4201: S 3500919925:3500919925(0) ack 739634900 win 5840 <mss 1460,nop,nop,sackOK>
>        0x0000:  4500 0030 0000 4000 4006 e747 c129 e507  e.....@[email protected].)..
>        0x0010:  ac1f 0130 7148 1069 d0ab cc75 2c15 eed4  ...0qH.i...u,...
>        0x0020:  7012 16d0 df01 0000 0204 05b4 0101 0402  p...............
> 17:09:18.101524 IP 172.31.1.48.4201 > 10.12.0.50.29000: . ack 1 win 65535
>        0x0000:  4500 0028 939b 4000 7e06 15b4 ac1f 0130  E..(....@.~......0
>        0x0010:  c129 e507 1069 7148 2c15 eed4 d0ab cc76  .)...iqH,......v
>        0x0020:  5010 ffff 2296 0000 0000 0000 0000       P...".........
> 17:09:18.114337 IP 172.31.1.48.4201 > 10.12.0.50.29000: P 1:169(168) ack 1 win 65535
>        0x0000:  4500 00d0 939e 4000 7e06 1509 ac1f 0130  e.....@.~......0
>        0x0010:  c129 e507 1069 7148 2c15 eed4 d0ab cc76  .)...iqH,......v
>        0x0020:  5018 ffff 82ac 0000 0000 00a4 ff53 4d42  P............SMB
>        0x0030:  7200 0000 0008 0140 0000 0000 0000 0000  r......@........
>        0x0040:  0000 0000 0000 4006 0000 0100 0081 0002  ......@.........
>        0x0050:  5043 204e 4554 574f 524b 2050 524f 4752  PC.NETWORK.PROGR
>        0x0060:  414d 2031 2e30 0002 4d49 4352 4f53 4f46  AM.1.0..MICROSOF
>        0x0070:  5420 4e45 5457 4f52 4b53 2031 2e30 3300  T.NETWORKS.1.03.
>        0x0080:  024d 4943 524f 534f 4654 204e 4554 574f  .MICROSOFT.NETWO
>        0x0090:  524b 5320 332e 3000 024c 414e 4d41 4e31  RKS.3.0..LANMAN1
>        0x00a0:  2e30 0002 4c4d 312e 3258 3030 3200 0253  .0..LM1.2X002..S
>        0x00b0:  616d 6261 0002 4e54 204c 414e 4d41 4e20  amba..NT.LANMAN.
>        0x00c0:  312e 3000 024e 5420 4c4d 2030 2e31 3200  1.0..NT.LM.0.12.
> 17:09:18.114348 IP 10.12.0.50.29000 > 172.31.1.48.4201: . ack 169 win 6432
>        0x0000:  4500 0028 999f 4000 4006 4db0 c129 e507  E..(....@[email protected]..)..
>        0x0010:  ac1f 0130 7148 1069 d0ab cc76 2c15 ef7c  ...0qH.i...v,..|
>        0x0020:  5010 1920 08ce 0000                      P.......
> 17:09:18.116709 IP 10.12.0.50.29000 > 172.31.1.48.4201: F 1:1(0) ack 169 win 6432
>        0x0000:  4500 0028 99a0 4000 4006 4daf c129 e507  E..(....@[email protected]..)..
>        0x0010:  ac1f 0130 7148 1069 d0ab cc76 2c15 ef7c  ...0qH.i...v,..|
>        0x0020:  5011 1920 08cd 0000                      P.......
>
> Sincerely,
> Michael Zervakis
>
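
Added example, not part of the thread and not Kannel's code or the patch mentioned above: it decodes the first bytes of the 168-byte TCP payload in the capture, showing that the logged type -11317950 is the SMB magic `ff 53 4d 42` read as a signed 32-bit integer, and rejects the frame with an error code where the log shows a panic. It assumes the box connection frames each message as a 4-byte big-endian length followed by a 4-byte big-endian type, which is consistent with the capture and the log; `check_frame_header`, `be32` and the `EXAMPLE_*` limits are hypothetical names and values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical limits for this sketch; not taken from the Kannel source. */
#define EXAMPLE_MAX_MSG_TYPE  4
#define EXAMPLE_MAX_FRAME_LEN 65536

enum frame_status { FRAME_OK = 0, FRAME_SHORT = -1,
                    FRAME_BAD_LENGTH = -2, FRAME_BAD_TYPE = -3 };

/* First 12 bytes of the TCP payload in the report's capture
 * (hex dump offsets 0x28..0x33 of the 17:09:18.114337 packet). */
static const unsigned char smb_probe[] = {
    0x00, 0x00, 0x00, 0xa4,   /* NetBIOS session length, read as frame length */
    0xff, 0x53, 0x4d, 0x42,   /* "\xffSMB" magic, read as message type */
    0x72, 0x00, 0x00, 0x00
};

/* Decode a 32-bit big-endian (network order) integer. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Validate the frame header of untrusted peer data. Returns a status code
 * so the caller can log and close the connection; it never aborts. */
static int check_frame_header(const unsigned char *buf, size_t n, int32_t *type)
{
    uint32_t len;

    if (n < 8)
        return FRAME_SHORT;
    len = be32(buf);
    if (len < 4 || len > EXAMPLE_MAX_FRAME_LEN)
        return FRAME_BAD_LENGTH;
    *type = (int32_t)be32(buf + 4);   /* two's-complement reinterpretation */
    if (*type < 0 || *type > EXAMPLE_MAX_MSG_TYPE)
        return FRAME_BAD_TYPE;
    return FRAME_OK;
}

int main(void)
{
    int32_t type = 0;
    int rc = check_frame_header(smb_probe, sizeof smb_probe, &type);

    printf("length=%u type=%d status=%d\n",
           (unsigned)be32(smb_probe), (int)type, rc);
    return rc == FRAME_BAD_TYPE ? 0 : 1;
}
```

The decoded length of 164 plus the 4-byte prefix accounts for the 168 payload bytes tcpdump reports, so the probe parses as one complete frame and fails only at the type check.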

