Describe the bug
There is a reachable assertion error in packet2tree, src/tree.c:746, invoked by add_tree_ipv6, src/tree.c:570, which is different from #756. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pcap file.
To Reproduce
Steps to reproduce the behavior:
build with
download the poc file poc.zip
./build_asan/bin/tcpprep -a client -i poc -o /tmp/foo
Expected behavior
$ gdb -batch -ex "run" -ex "bt" --args ./build_asan/bin/tcpprep -a client -i poc -o /tmp/foo
warning: Error disabling address space randomization: Operation not permitted
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Warning in tcpprep.c:main() line 105:
poc was captured using a snaplen of 96 bytes. This may mean you have truncated packets.
tcpprep: tree.c:746: packet2tree: Assertion `l2len > 0' failed.
Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007f1103ab2859 in __GI_abort () at abort.c:79
#2 0x00007f1103ab2729 in __assert_fail_base (fmt=0x7f1103c48588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55a81b856500 "l2len > 0", file=0x55a81b855460 "tree.c", line=746, function=<optimized out>) at assert.c:92
#3 0x00007f1103ac3fd6 in __GI___assert_fail (assertion=0x55a81b856500 "l2len > 0", file=0x55a81b855460 "tree.c", line=746, function=0x55a81b856e80 <__PRETTY_FUNCTION__.9829> "packet2tree") at assert.c:101
#4 0x000055a81b807bd8 in packet2tree (data=0x608000000020 "d", len=74, datalink=12) at tree.c:746
#5 0x000055a81b806692 in add_tree_ipv6 (addr=0x608000000028, data=0x608000000020 "d", len=74, datalink=12) at tree.c:570
#6 0x000055a81b7fe525 in process_raw_packets (pcap=0x617000000080) at tcpprep.c:469
#7 0x000055a81b7fc28e in main (argc=7, argv=0x7ffd1185d6a8) at tcpprep.c:144
System (please complete the following information):
OS: Ubuntu
OS version: 20.04.5
Tcpreplay Version: 4.4.2
Additional context
The crash point was invoked by add_tree_ipv6, src/tree.c:570, which is different from #756.
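An added example, not part of the original report and not tcpreplay's code: one way a capture parser can turn an unusable link-layer length into a skipped packet with a status code instead of an `assert` abort. The names `ex_l2len`, `ex_locate_l3` and `ex_check`, the status codes, and the choice to accept a zero-length header for raw IP (link type 12, the `datalink` value in the backtrace) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define EX_DLT_EN10MB 1  /* Ethernet: 14-byte link-layer header */
#define EX_DLT_RAW    12 /* raw IP (libpcap value on Linux): packet starts at the IP header */

enum ex_status { EX_OK = 0, EX_SKIP_UNSUPPORTED = -1, EX_SKIP_TRUNCATED = -2 };

/* Hypothetical lookup: link-layer header length, or -1 for unhandled types. */
static int ex_l2len(int datalink)
{
    switch (datalink) {
    case EX_DLT_EN10MB: return 14;
    case EX_DLT_RAW:    return 0;
    default:            return -1;
    }
}

/* Locate the IP header; every failure is a status code, never an abort. */
int ex_locate_l3(const uint8_t *data, size_t len, int datalink, const uint8_t **l3)
{
    int l2len = ex_l2len(datalink);
    if (l2len < 0)
        return EX_SKIP_UNSUPPORTED;
    if (len <= (size_t)l2len)              /* no byte left for the IP version */
        return EX_SKIP_TRUNCATED;
    unsigned version = data[l2len] >> 4;   /* simplification: ethertype/VLAN not parsed */
    size_t need = version == 4 ? 20 : version == 6 ? 40 : 0;
    if (need == 0)
        return EX_SKIP_UNSUPPORTED;
    if (len - (size_t)l2len < need)        /* snaplen cut the fixed IP header */
        return EX_SKIP_TRUNCATED;
    *l3 = data + l2len;
    return EX_OK;
}

/* Run the check on a constructed frame whose bytes are all `fill`. */
int ex_check(int datalink, size_t len, uint8_t fill)
{
    uint8_t frame[128];
    const uint8_t *l3 = NULL;
    memset(frame, fill, sizeof frame);
    return ex_locate_l3(frame, len > sizeof frame ? sizeof frame : len, datalink, &l3);
}

int main(void) { return ex_check(EX_DLT_RAW, 74, 0x60) == EX_OK ? 0 : 1; }
```

The caller counts and skips packets that return a negative status, so a malformed capture cannot terminate the whole run.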