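Ugly bug. Reproducible with today's (2000 12 02) CVS tcpdump and libwrap version.
The output from tcpdump is in the attachment.
In the gdb session below the RADIUS attribute has len = 0, yet print_attr_string is called with length=4294967294 (2^32 - 2, presumably len minus the 2-byte attribute header wrapping around as unsigned), so the print loop walks off the end of the packet buffer until it faults.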

Program received signal SIGSEGV, Segmentation fault.
0x0806e16a in print_attr_string (data=0x8140912 "\005", length=4294967294,
attr_code=30)
    at ./print-radius.c:449
449            printf("%c",(*data < 32 || *data > 128) ? '.' : *data );
(gdb) print data
$1 = (u_char *) 0x814d000 <Address 0x814d000 out of bounds>
(gdb) bt
#0  0x0806e16a in print_attr_string (data=0x8140912 "\005", length=4294967294,
attr_code=30)
    at ./print-radius.c:449
#1  0x0806e828 in radius_attr_print (attr=0x814090e "\004\002\036", length=34)
    at ./print-radius.c:710
#2  0x0806e9bd in radius_print (dat=0x81408fa "\005", length=86) at
./print-radius.c:788
#3  0x0805eafb in udp_print (bp=0x81408f2 "\017 \a\024", length=86,
bp2=0x81408de "E",
    fragmented=0) at ./print-udp.c:693
#4  0x0805154f in ip_print (bp=0x81408de "E", length=114) at ./print-ip.c:370
#5  0x0804f1a2 in ether_encap_print (ethertype=2048, p=0x81408de "E",
length=114, caplen=82)
    at ./print-ether.c:161
#6  0x0804efd4 in ether_if_print (user=0x0, h=0xbffff9e0, p=0x81408de "E") at
./print-ether.c:128
#7  0x400dcf76 in pcap_read_packet (handle=0x8140748, callback=0x804edd0
<ether_if_print>,
    userdata=0x0) at ./pcap-linux.c:401
#8  0x400dcd9a in pcap_read (handle=0x8140748, max_packets=-1,
    callback=0x804edd0 <ether_if_print>, user=0x0) at ./pcap-linux.c:254
#9  0x400ddb6f in pcap_loop (p=0x8140748, cnt=-1, callback=0x804edd0
<ether_if_print>, user=0x0)
    at ./pcap.c:79
#10 0x0804a4b3 in main (argc=4, argv=0xbffffcac) at ./tcpdump.c:417
#11 0x40178f63 in __libc_start_main () from /lib/libc.so.6
(gdb) frame 1
#1  0x0806e828 in radius_attr_print (attr=0x814090e "\004\002\036", length=34)
    at ./print-radius.c:710
710                   (*attr_type[rad_attr->type].print_func)( ((u_char 
*)(rad_attr+1)),
(gdb) print attr_type
$6 = 0x808c618
(gdb) print rad_attr->type
$7 = 30 '\036'
(gdb) print rad_attr
$8 = (struct radius_attr *) 0x8140910
(gdb) print *rad_attr
$9 = {type = 30 '\036', len = 0 '\000'}
(gdb)
(gdb) print *attr_type
$10 = {name = 0x0, subtypes = 0x0, siz_subtypes = 0 '\000', first_subtype = 0
'\000', print_func = 0}

-- 
Arkadiusz Miśkiewicz, AM2-6BONE    [ PLD GNU/Linux IPv6 ]
http://www.t17.ds.pwr.wroc.pl/~misiek/ipv6/   [ enabled ]

tcpdump-radius.gz
