tcpdump mailing list archives
Re: Bug in print-ppp.c
From: Hannes Gredler <hannes () juniper net>
Date: Tue, 13 Jul 2004 17:47:58 +0200
thanks for your submission - checked in;

- /hannes

On Tue, Jul 13, 2004 at 03:04:43PM +1000, Darren Reed wrote:
| I've come across a packet that causes me to get a stack trace something
| like this:
| #0 0x00000000 in ?? ()
| #1 0x0807a0bd in handle_ctrl_proto (proto=32855, pptr=0x8195c82 "\001", length=14) at print-ppp.c:450
| #2 0x0807be24 in handle_ppp (proto=32855, p=0x8195c82 "\001", length=14) at print-ppp.c:1143
| #3 0x0807c072 in ppp_print (p=0x8195c82 "\001", length=14) at print-ppp.c:1229
| #4 0x0805fd22 in gre_print_1 (bp=0x8195c80 "\200W\001", length=28) at print-gre.c:305
| #5 0x0805f757 in gre_print (bp=0x8195c74 "0\001\210\v", length=28) at print-gre.c:108
| #6 0x080634c2 in ip_print (bp=0x8195c60 "E", length=48) at print-ip.c:606
| #7 0x08060307 in gtpv1u_print (bp=0x8195c60 "E", length=48) at print-gtp.c:323
| #8 0x080919d6 in udp_print (bp=0x8195c4c "\bh\bh", length=60, bp2=0x8195c38 "E", fragmented=0) at print-udp.c:635
| #9 0x080633b9 in ip_print (bp=0x8195c38 "E", length=88) at print-ip.c:539
| #10 0x0805e062 in ether_encap_print (ether_type=2048, p=0x8195c38 "E", length=88, caplen=88, extracted_ether_type=0xbffff2d0)
|     at print-ether.c:189
| #11 0x0805de85 in ether_print (p=0x8195c38 "E", length=88, caplen=88) at print-ether.c:142
| #12 0x0805def3 in ether_if_print (h=0xbffff340, p=0x8195c2a "") at print-ether.c:162
| #13 0x08094fc9 in print_packet (user=0xbffff520 "??\005\b", h=0xbffff340, sp=0x8195c2a "") at tcpdump.c:1188
| #14 0x080a389a in pcap_offline_read ()
| #15 0x0809b486 in pcap_loop ()
| #16 0x08094b55 in main (argc=5, argv=0xbffff594) at tcpdump.c:997
| #17 0x420158d4 in __libc_start_main () from /lib/i686/libc.so.6
|
| Somewhere around line 445, print-ppp.c has:
|
|     default:
|         /*
|          * This should never happen, but we set
|          * "pfunc" to squelch uninitialized
|          * variable warnings from compilers.
|          */
|         pfunc = NULL;
|         break;
|     }
|
| Adding a printout after the closing }, I see this for one packet:
|
| pfunc (nil) tptr 0x8195c86 len 14 x 10 proto 0x8057 ptr 0x8195c82 length 14
|
| We've come here from handle_ppp() which calls handle_ctrl_proto() for
| PPP_IPV6CP.
|
| This patch (modulo white space) solves this problem for now.
|
| *** print-ppp.c 8 Jul 2004 11:10:37 -0000 1.2
| --- print-ppp.c 13 Jul 2004 05:01:15 -0000
| ***************
| *** 447,452 ****
| --- 447,454 ----
| pfunc = NULL;
| break;
| }
| + if (pfunc == NULL)
| + break;
| if ((j = (*pfunc)(tptr, len)) == 0)
| break;
| x -= j;
|
| Darren
| -
| This is the tcpdump-workers list.
| Visit https://lists.sandelman.ca/ to unsubscribe.
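Review bot: the added `if (pfunc == NULL) break;` avoids the call through a NULL function pointer, but it also ends the whole option walk at the first unknown option type, so the unknown type is never reported and any options after it in the same packet are silently dropped. The comment just above the hunk still says the default branch "should never happen", while the IPV6CP trace in this mail shows it is reached; update that comment, and consider skipping the option (print its type and advance by `len`) instead of breaking, so the rest of the packet is still decoded.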
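As an added example (not tcpdump's code, and not part of this thread), here is a small option walker with the same shape as the loop the patch touches: a switch fills a function pointer per option type, the default branch leaves it NULL, and the guard from the patch stops the walk instead of jumping through NULL. The option layout (type, length, data) is assumed from PPP control protocols; only the IPV6CP Interface-Identifier option (type 1, length 10) is known, and `walk_options`, `OPT_IFID` and `sample_opts` are names of this example.

```c
#include <stdint.h>
#include <stdio.h>
/* Added example, not tcpdump code. Option layout assumed as in PPP control
 * protocols: type (1 byte), length (1 byte, counts the header), data. */
typedef int (*opt_printer)(const uint8_t *p, unsigned len);

enum { OPT_IFID = 1 };   /* IPV6CP Interface-Identifier, fixed length 10 */
static int print_ifid(const uint8_t *p, unsigned len)
{
    if (len != 10)
        return 0;        /* malformed option: returning 0 ends the walk */
    printf("  interface-id %02x%02x...%02x%02x\n", p[2], p[3], p[8], p[9]);
    return (int)len;
}

/* Walks x bytes of options at tptr; returns options handled. *unknown_type
 * gets the first type that hit the default branch (pfunc left NULL), else -1. */
int walk_options(const uint8_t *tptr, unsigned x, int *unknown_type)
{
    int count = 0;
    *unknown_type = -1;
    while (x >= 2) {
        unsigned opt = tptr[0], len = tptr[1];
        opt_printer pfunc;
        int j;
        if (len < 2 || len > x)
            break;       /* length would run past the buffer */
        switch (opt) {
        case OPT_IFID:
            pfunc = print_ifid;
            break;
        default:
            pfunc = NULL;          /* as in print-ppp.c's default: case */
            *unknown_type = (int)opt;
            break;
        }
        if (pfunc == NULL)         /* the guard the patch adds; without it */
            break;                 /* the next line jumps to address 0 */
        if ((j = (*pfunc)(tptr, len)) == 0)
            break;
        x -= j;
        tptr += j;
        count++;
    }
    return count;
}
/* Constructed sample: Interface-Identifier option, then unknown type 0x42 (len 4). */
const uint8_t sample_opts[14] = { 1, 10, 0xde, 0xad, 0xbe, 0xef, 0, 0x11,
                                  0x22, 0x33, 0x42, 4, 0, 0 };
```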
Current thread:
- Bug in print-ppp.c Darren Reed (Jul 12)
- Re: Bug in print-ppp.c Hannes Gredler (Jul 13)
- Re: Bug in print-ppp.c Romain Francoise (Jul 24)
- Re: Bug in print-ppp.c Darren Reed (Jul 25)
- Re: Bug in print-ppp.c Romain Francoise (Jul 25)
- Re: Bug in print-ppp.c Darren Reed (Jul 25)