warjiang / dpkt

Automatically exported from code.google.com/p/dpkt

Infinite loop in gre.py #94

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. read a packet with dpkt.ethernet.Ethernet() from a pcap file containing a 
fragmented GRE packet

What is the expected output? What do you see instead?
I expected dpkt.ethernet.Ethernet(data) to return an ethernet frame I could 
read. Instead my program hangs and consumes 100% of the cpu until I kill it.

What version of the product are you using? On what operating system?
dpkt 1.7 with Python 2.7.3 on Ubuntu/precise

# python
Python 2.7.3 (default, Aug  1 2012, 05:16:07)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import dpkt
>>> dpkt.__version__
'1.7'

Please provide any additional information below.

There is an infinite loop in gre.py that can be triggered with a pcap 
containing a truncated GRE packet. This causes my program to hang and use 100% 
of the cpu. I'm attaching a sanitized pcap with a single packet that will 
reproduce the problem in dpkt-1.7. This is what I'm doing in my code where the 
problem happens:

pcapReader = dpkt.pcap.Reader(open('671-sanitized.pcap'))
for ts, data in pcapReader:
    eth = dpkt.ethernet.Ethernet(data)

This is where the infinite loop happens in dpkt/gre.py:

    while True:
        sre = self.SRE(self.data)
        l.append(sre)
        if not sre.len:
            break

This is what it looks like in pdb:

> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(73)unpack()
-> while True:
(Pdb) n
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(74)unpack()
-> sre = self.SRE(self.data)
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(75)unpack()
-> l.append(sre)
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(76)unpack()
-> if not sre.len:
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(73)unpack()
-> while True:
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(74)unpack()
-> sre = self.SRE(self.data)
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(75)unpack()
-> l.append(sre)
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(76)unpack()
-> if not sre.len:
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(73)unpack()
-> while True:
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(74)unpack()
-> sre = self.SRE(self.data)
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(75)unpack()
-> l.append(sre)
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(76)unpack()
-> if not sre.len:
(Pdb)
> /usr/local/lib/python2.7/dist-packages/dpkt/gre.py(73)unpack()
-> while True:

I'm not sure what the correct way to fix this is, so I just added a counter to 
exit the loop after 100 iterations when it hits a problem packet as a temporary 
workaround. 

    n = 0
    while True and n < 100:
        sre = self.SRE(self.data)
        l.append(sre)
        if not sre.len:
            break
        n += 1

Original issue reported on code.google.com by jaco...@gmail.com on 26 Aug 2012 at 8:10

Attachments:

GoogleCodeExporter commented 9 years ago
Here is a patch for the issue which avoids doing the temporary workaround. 

Original comment by brian.pa...@gmail.com on 17 Jul 2013 at 7:17

Attachments:
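
The loop quoted in the report calls self.SRE(self.data) on every pass, and nothing in the quoted loop body advances self.data. As an added illustration (not dpkt's code and not the patch attached above), here is a standalone Python 3 parser for the GRE routing list that consumes each SRE and rejects truncated input. The field layout follows RFC 1701; the names parse_sre_list and TruncatedSRE and the sample bytes are constructed for this example.

```python
import struct

# RFC 1701 SRE header: address family (2 bytes), SRE offset (1), SRE length (1).
SRE_HDR = struct.Struct(">HBB")

class TruncatedSRE(ValueError):
    """Raised when the buffer ends before the routing list is terminated."""

def parse_sre_list(buf):
    """Parse the GRE routing field at the start of buf.

    Returns (entries, consumed); each entry is (family, sre_offset, routing).
    Every pass moves pos forward by at least the 4-byte header, so the loop
    either reaches the zero-length terminator or runs out of bytes and raises.
    """
    entries, pos = [], 0
    while True:
        if len(buf) - pos < SRE_HDR.size:
            raise TruncatedSRE("SRE header cut off at byte %d" % pos)
        family, sre_offset, length = SRE_HDR.unpack_from(buf, pos)
        pos += SRE_HDR.size
        if len(buf) - pos < length:
            raise TruncatedSRE("SRE routing data cut off at byte %d" % pos)
        entries.append((family, sre_offset, bytes(buf[pos:pos + length])))
        pos += length
        if length == 0:          # same stop condition as `if not sre.len`
            return entries, pos

# Constructed sample: one 4-byte SRE, the NULL terminator, then payload bytes.
SAMPLE_OK = (struct.pack(">HBB4s", 0x0800, 0, 4, b"\x0a\x00\x00\x01")
             + struct.pack(">HBB", 0, 0, 0) + b"payload")
# Constructed truncated capture: cut in the middle of the first SRE's data.
SAMPLE_TRUNCATED = SAMPLE_OK[:6]

if __name__ == "__main__":
    print(parse_sre_list(SAMPLE_OK))
    try:
        parse_sre_list(SAMPLE_TRUNCATED)
    except TruncatedSRE as exc:
        print("rejected:", exc)
```

A caller reading untrusted captures can catch TruncatedSRE per packet and continue with the next record instead of hanging the reader loop.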