appneta / tcpreplay

Pcap editing and replay tools for *NIX and Windows - Users please download source from
http://tcpreplay.appneta.com/wiki/installation.html#downloads

[Bug] Reachable assertion in packet2tree() #715

Closed Marsman1996 closed 1 year ago

Marsman1996 commented 2 years ago

Describe the bug
The assertion assert(l2len > 0); in packet2tree() at tree.c is reachable when the user uses tcpprep to open a crafted pcap file. The variable l2len is assigned in get_l2len_protocol() at get.c.

https://github.com/appneta/tcpreplay/blob/09f07748dcabe3d58961f123f31dd0f75198a389/src/tree.c#L733-L746

However, when the datalink is DLT_RAW or DLT_JUNIPER_ETHER, l2len is assigned with 0, and the assertion is triggered.

https://github.com/appneta/tcpreplay/blob/09f07748dcabe3d58961f123f31dd0f75198a389/src/common/get.c#L268-L282

To Reproduce
Steps to reproduce the behavior:

  1. Get the Tcpreplay source code (master 09f0774) and compile it.
  2. Run command: $ tcpprep --auto=bridge --pcap=$POC --cachefile=/dev/null
    The POC file could be downloaded here:
    POC_file

Expected behavior
Program reports assertion failure and is terminated.


The GDB report:

Breakpoint 6, packet2tree (data=0x7ffff7ef8010 "@", len=33, datalink=12) at ../../code/src/tree.c:733
733         res = get_l2len_protocol(data,
(gdb) p datalink 
$8 = 12
(gdb) n
741         if (res == -1)
(gdb) 
744         node = new_tree();
(gdb) 

Breakpoint 1, packet2tree (data=0x7ffff7ef8010 "@", len=33, datalink=<optimized out>) at ../../code/src/tree.c:746
746         assert(l2len > 0);
(gdb) p l2len 
$9 = 0
(gdb) c
Continuing.
tcpprep: ../../code/src/tree.c:746: tcpr_tree_t *packet2tree(const u_char *, const int, int): Assertion `l2len > 0' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff7194438 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
54      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.

System (please complete the following information):
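The report above shows an invariant check (assert(l2len > 0)) that is wrong for link types which legitimately have no link-layer header: for DLT_RAW the first byte of the record is already the IP header, so a zero layer-2 length is a valid result, not a corrupted one, and a capture that hits it aborts the process. The following added example is not tcpreplay code; it sketches how such a check can be written so that the datalink decides whether zero is acceptable and malformed input is rejected with an error code instead of an abort. The DLT_* values are the libpcap constants from pcap/dlt.h (DLT_RAW = 12 matches the datalink=12 in the GDB trace), the helper names and the two sample packets are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* libpcap link-layer type values as defined in pcap/dlt.h on Linux. */
#define DLT_EN10MB    1    /* Ethernet: 14-byte link-layer header */
#define DLT_RAW       12   /* raw IP: no link-layer header at all */
#define DLT_LINUX_SLL 113  /* Linux "cooked" capture: 16-byte header */

#define ETH_HDR_LEN    14
#define SLL_HDR_LEN    16
#define MIN_IPV4_HDR   20

typedef enum {
    L2_OK                  =  0,
    L2_ERR_UNSUPPORTED_DLT = -1,
    L2_ERR_TRUNCATED       = -2
} l2_status_t;

/* Hypothetical helper: derive the link-layer header length from the datalink
 * type and validate it against the captured length. The invariant enforced
 * is "the L2 header plus a minimal IP header fit inside the record", which
 * holds for DLT_RAW with l2len == 0 and fails cleanly for short records. */
l2_status_t l2len_for_datalink(int datalink, size_t caplen, size_t *l2len_out)
{
    size_t l2len;

    switch (datalink) {
    case DLT_EN10MB:    l2len = ETH_HDR_LEN; break;
    case DLT_LINUX_SLL: l2len = SLL_HDR_LEN; break;
    case DLT_RAW:       l2len = 0;           break;   /* zero is legitimate here */
    default:            return L2_ERR_UNSUPPORTED_DLT;
    }

    if (caplen < l2len + MIN_IPV4_HDR)
        return L2_ERR_TRUNCATED;               /* reject, do not assert */

    *l2len_out = l2len;
    return L2_OK;
}

/* Returns the IP version nibble found right after the link-layer header,
 * or a negative l2_status_t code when the record cannot be parsed safely. */
int ip_version_after_l2(const uint8_t *pkt, size_t caplen, int datalink)
{
    size_t l2len;
    l2_status_t st = l2len_for_datalink(datalink, caplen, &l2len);

    if (st != L2_OK)
        return (int)st;
    return pkt[l2len] >> 4;   /* bounds guaranteed by the check above */
}

/* Constructed sample: a bare 20-byte IPv4 header (version 4, IHL 5). */
static const uint8_t sample_raw_ipv4[MIN_IPV4_HDR] = { 0x45, 0x00, 0x00, 0x14 };

/* Constructed sample: Ethernet header (EtherType 0x0800) followed by the same IPv4 header. */
static const uint8_t sample_eth_ipv4[ETH_HDR_LEN + MIN_IPV4_HDR] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* destination MAC */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,   /* source MAC */
    0x08, 0x00,                           /* EtherType IPv4 */
    0x45, 0x00, 0x00, 0x14                /* IPv4 header start, rest zero */
};

/* Demo wrappers so each case can be checked by return value. */
int demo_raw(void)         { return ip_version_after_l2(sample_raw_ipv4, sizeof sample_raw_ipv4, DLT_RAW); }
int demo_eth(void)         { return ip_version_after_l2(sample_eth_ipv4, sizeof sample_eth_ipv4, DLT_EN10MB); }
int demo_truncated(void)   { return ip_version_after_l2(sample_eth_ipv4, MIN_IPV4_HDR, DLT_EN10MB); }
int demo_unknown_dlt(void) { return ip_version_after_l2(sample_raw_ipv4, sizeof sample_raw_ipv4, 9999); }

int main(void)
{
    printf("DLT_RAW, l2len 0, IP version: %d\n", demo_raw());
    printf("DLT_EN10MB, IP version:       %d\n", demo_eth());
    printf("truncated Ethernet record:    %d (L2_ERR_TRUNCATED)\n", demo_truncated());
    printf("unknown datalink 9999:        %d (L2_ERR_UNSUPPORTED_DLT)\n", demo_unknown_dlt());
    return 0;
}
```

The point of the design is where the decision lives: the datalink table knows which link types have no header, and the only hard requirement is that the parser never indexes past caplen. An assertion is reserved for conditions the program itself controls; lengths derived from an attacker-supplied capture file are input validation and must return an error the caller can log and skip.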

fklassen commented 1 year ago

Unable to recreate. What is your ./configure command?

Here is my log:

$ ./configure --with-testnic=ens33
...
$ make
...
$ src/tcpprep --auto=bridge --pcap=$POC --cachefile=/dev/null

Fatal Error: Error opening file: invalid file capture length 264194, bigger than maximum of 262144

fklassen commented 1 year ago

Closing as "Cannot reproduce" however I believe that whatever you are seeing may be fixed with #716.

fklassen commented 1 year ago

Able to reproduce with #746 and to be fixed in 4.4.3. #678, commit 46cf964a