tcpdump mailing list archives

Re: Bug in print-ppp.c


From: Hannes Gredler <hannes () juniper net>
Date: Tue, 13 Jul 2004 17:47:58 +0200

thanks for your submission - checked in; - /hannes

On Tue, Jul 13, 2004 at 03:04:43PM +1000, Darren Reed wrote:
| I've come across a packet that causes me to get a stack trace something
| like this:
| #0  0x00000000 in ?? ()
| #1  0x0807a0bd in handle_ctrl_proto (proto=32855, pptr=0x8195c82 "\001", length=14) at print-ppp.c:450
| #2  0x0807be24 in handle_ppp (proto=32855, p=0x8195c82 "\001", length=14) at print-ppp.c:1143
| #3  0x0807c072 in ppp_print (p=0x8195c82 "\001", length=14) at print-ppp.c:1229
| #4  0x0805fd22 in gre_print_1 (bp=0x8195c80 "\200W\001", length=28) at print-gre.c:305
| #5  0x0805f757 in gre_print (bp=0x8195c74 "0\001\210\v", length=28) at print-gre.c:108
| #6  0x080634c2 in ip_print (bp=0x8195c60 "E", length=48) at print-ip.c:606
| #7  0x08060307 in gtpv1u_print (bp=0x8195c60 "E", length=48) at print-gtp.c:323
| #8  0x080919d6 in udp_print (bp=0x8195c4c "\bh\bh", length=60, bp2=0x8195c38 "E", fragmented=0) at print-udp.c:635
| #9  0x080633b9 in ip_print (bp=0x8195c38 "E", length=88) at print-ip.c:539
| #10 0x0805e062 in ether_encap_print (ether_type=2048, p=0x8195c38 "E", length=88, caplen=88, extracted_ether_type=0xbffff2d0)
|     at print-ether.c:189
| #11 0x0805de85 in ether_print (p=0x8195c38 "E", length=88, caplen=88) at print-ether.c:142
| #12 0x0805def3 in ether_if_print (h=0xbffff340, p=0x8195c2a "") at print-ether.c:162
| #13 0x08094fc9 in print_packet (user=0xbffff520 "??\005\b", h=0xbffff340, sp=0x8195c2a "") at tcpdump.c:1188
| #14 0x080a389a in pcap_offline_read ()
| #15 0x0809b486 in pcap_loop ()
| #16 0x08094b55 in main (argc=5, argv=0xbffff594) at tcpdump.c:997
| #17 0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6
| 
| Somewhere around line 445, print-ppp.c has:
|                         default:
|                                 /*
|                                  * This should never happen, but we set
|                                  * "pfunc" to squelch uninitialized
|                                  * variable warnings from compilers.
|                                  */
|                                 pfunc = NULL;
|                                 break;
|                         }
| 
| Adding a printout after the closing }, I see this for one packet:
| pfunc (nil) tptr 0x8195c86 len 14 x 10 proto 0x8057 ptr 0x8195c82 length 14
| 
| We've come here from handle_ppp() which calls handle_ctrl_proto() for
| PPP_IPV6CP.
| 
| This patch (modulo white space) solves this problem for now.
| 
| *** print-ppp.c 8 Jul 2004 11:10:37 -0000       1.2
| --- print-ppp.c 13 Jul 2004 05:01:15 -0000
| ***************
| *** 447,452 ****
| --- 447,454 ----
|                                 pfunc = NULL;
|                                 break;
|                         }
| +                       if (pfunc == NULL)
| +                               break;
|                         if ((j = (*pfunc)(tptr, len)) == 0)
|                                 break;
|                         x -= j;
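Review bot: with this guard in place the `default:` branch just above becomes a reachable, expected path, but its comment still reads "This should never happen", and the bare `break` leaves the option loop for an IPV6CP packet (proto 0x8057 in the printout) without saying that its options were not decoded. Suggest rewording the comment to say that control protocols without an option printer (IPV6CP, per the trace) land here, and either emitting a short marker before the `break` so the user sees the options were skipped, or not routing PPP_IPV6CP through handle_ctrl_proto() from handle_ppp() until a printer for it exists. The NULL check itself should stay regardless: the indirect call through a NULL `pfunc` is exactly the jump to 0x00000000 at frame #0.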
| 
| Darren
| -
| This is the tcpdump-workers list.
| Visit https://lists.sandelman.ca/ to unsubscribe.
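The failure pattern in the report, a protocol-to-handler switch whose `default:` leaves the function pointer NULL and an option loop that then calls through it, and the guard from the patch, shown together as an added example in C. This is not tcpdump's code: the handler names, the sample option lists and the `print_ctrl_options()` dispatcher are constructed for this example; only the protocol numbers (LCP 0xc021, IPCP 0x8021, IPV6CP 0x8057, which is the decimal 32855 in the trace) and the type/length/data option layout follow the PPP RFCs. The loop keeps tcpdump's contract that a printer returns the bytes it consumed, or 0 to stop, and additionally refuses an option whose length field is shorter than its header or longer than what is left, so a malformed list cannot spin the loop or walk off the end of the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC-assigned PPP control-protocol numbers (IPV6CP is the 0x8057 in the trace). */
#define PPP_LCP    0xc021
#define PPP_IPCP   0x8021
#define PPP_IPV6CP 0x8057

/* Option printer contract, as in tcpdump's pfunc: bytes consumed, or 0 to stop. */
typedef int (*opt_printer)(const uint8_t *opt, size_t remaining);

/* Common option header: type (1 byte), length (1 byte, includes header), data. */
static int print_generic_opt(const char *name, const uint8_t *opt, size_t remaining)
{
    if (remaining < 2)
        return 0;                       /* truncated header */
    size_t olen = opt[1];
    if (olen < 2 || olen > remaining)
        return 0;                       /* bad length: stop rather than misparse */
    printf("  %s option type %u, length %zu\n", name, opt[0], olen);
    return (int)olen;
}

/* Hypothetical per-protocol printers; real ones would decode each option type. */
static int print_lcp_opt(const uint8_t *opt, size_t remaining)
{
    return print_generic_opt("LCP", opt, remaining);
}

static int print_ipcp_opt(const uint8_t *opt, size_t remaining)
{
    return print_generic_opt("IPCP", opt, remaining);
}

/* NULL means "no printer for this protocol" and every caller must check for it. */
static opt_printer lookup_printer(uint16_t proto)
{
    switch (proto) {
    case PPP_LCP:  return print_lcp_opt;
    case PPP_IPCP: return print_ipcp_opt;
    default:       return NULL;         /* e.g. PPP_IPV6CP with no printer yet */
    }
}

/*
 * Walk an option list for one control protocol.  Returns the number of
 * options printed, or -1 when the protocol has no printer; without the
 * NULL check this is the call that jumped to address 0 in the report.
 */
int print_ctrl_options(uint16_t proto, const uint8_t *p, size_t len)
{
    opt_printer pfunc = lookup_printer(proto);
    if (pfunc == NULL) {
        printf("  proto 0x%04x: no option printer, skipping %zu bytes\n", proto, len);
        return -1;
    }
    int count = 0;
    size_t x = len;
    const uint8_t *tptr = p;
    while (x > 0) {
        int j = (*pfunc)(tptr, x);
        if (j == 0)
            break;                      /* malformed or truncated option */
        x -= (size_t)j;
        tptr += j;
        count++;
    }
    return count;
}

/* Constructed sample option lists (not from any capture). */
static const uint8_t sample_lcp[] = {
    1, 4, 0x05, 0xdc,                   /* MRU 1500 */
    5, 6, 0xde, 0xad, 0xbe, 0xef        /* Magic-Number */
};
static const uint8_t sample_ipv6cp[] = {
    1, 10, 0, 1, 2, 3, 4, 5, 6, 7       /* Interface-Identifier */
};
static const uint8_t sample_bad[] = {
    1, 4, 0x05, 0xdc,                   /* valid MRU */
    5, 0                                /* length 0: must not loop forever */
};

int main(void)
{
    printf("LCP: %d options\n", print_ctrl_options(PPP_LCP, sample_lcp, sizeof sample_lcp));
    printf("IPV6CP: %d\n", print_ctrl_options(PPP_IPV6CP, sample_ipv6cp, sizeof sample_ipv6cp));
    printf("bad LCP: %d options\n", print_ctrl_options(PPP_LCP, sample_bad, sizeof sample_bad));
    return 0;
}
```

The `pfunc == NULL` test sits before the loop rather than inside it, so the skip is reported once per packet; the per-option length check is the second half of what a printer that runs on untrusted captures needs, since a `len` of 0 or 1 would otherwise make the loop consume nothing and never terminate.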