tcpdump mailing list archives

Re: Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets


From: "Michele 'mydecay' Marchetto" <smarchetto1 () tin it>
Date: Wed, 24 Dec 2003 19:39:06 +0100

On Wed, 2003-12-24 at 16:20, MH wrote:
> The first test sent tcpdump into an infinite loop because the l2tp_avp_print()
> function calls itself and passes bad data.
> uP: i386
> tcpdump: (up to 3.8.1)
> libpcap: 0.7.2
> os: Linux
> I have not been able to seg fault tcpdump on OpenBSD.  And, the infinite looping
> does not occur on OpenBSD after applying Otto Moerbeek's patch.
>
> Can anyone else reproduce these results?

This patch should solve it; please apply.

-- 
mydecay
S.P.I.N.E. Group - http://www.spine-group.org
Key Fingerprint: 667A 4E73 EA53 66AC E2AB  D0CA 2908 1484 1F26 4C40
GnuPG Key: http://www.spine-group.org/keys/mydecay.asc

Attachment: print-l2tp.diff
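
An added example, not tcpdump's code and not the attached patch: a bounds-checked, iterative walk over L2TP AVPs (header layout per RFC 2661) showing how a printer of this kind can reject bad length fields instead of calling itself again on them. The name `avp_walk`, the sample byte strings, and the assumption that a too-small or too-large AVP length is the "bad data" in question are illustrative and not taken from the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AVP_HDR_LEN  6       /* flags+length (2), vendor ID (2), attribute type (2) */
#define AVP_LEN_MASK 0x03ff  /* low 10 bits of the first 16-bit word hold the length */

/* Hypothetical helper: walk a buffer of AVPs without recursion.
 * Returns the number of well-formed AVPs, or -1 at the first malformed one. */
int avp_walk(const uint8_t *dat, size_t length)
{
    int count = 0;

    while (length > 0) {
        if (length < AVP_HDR_LEN)
            return -1;               /* truncated header: do not read past the buffer */

        size_t len = (size_t)(((dat[0] << 8) | dat[1]) & AVP_LEN_MASK);

        if (len < AVP_HDR_LEN)
            return -1;               /* covers len == 0: the cursor would never advance */
        if (len > length)
            return -1;               /* AVP claims more bytes than were captured */

        dat += len;                  /* guaranteed forward progress of at least 6 bytes */
        length -= len;
        count++;
    }
    return count;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t avp_ok[] = { 0x80, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,  /* len 8 */
                           0x80, 0x06, 0x00, 0x00, 0x00, 0x02 };            /* len 6 */
const uint8_t avp_zero_len[] = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00 };      /* len 0 */
const uint8_t avp_overlong[] = { 0x80, 0x20, 0x00, 0x00, 0x00, 0x00 };      /* len 32 */

int main(void)
{
    printf("ok=%d zero=%d overlong=%d\n",
           avp_walk(avp_ok, sizeof avp_ok),
           avp_walk(avp_zero_len, sizeof avp_zero_len),
           avp_walk(avp_overlong, sizeof avp_overlong));
    return 0;
}
```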