getifaddrs b00m
From: Pedro Andujar <pandujar () sia es>
Date: Thu, 25 Sep 2003 19:20:20 +0200
****BOX INFO**** [root@diablo]# uname -a Linux diablo.digitalsec.net 2.4.22-grsec #8 Mon Sep 22 07:42:09 PDT 2003 i686 athlon i386 GNU/Linux [root@diablo]# cat /etc/redhat-release Red Hat Linux release 9 (Shrike) [root@diablo]# rpm -qa | grep tcpdu tcpdump-3.7.2-1.9.1 [root@diablo]# rpm -qa | grep pcap libpcap-0.7.2-1 [root@diablo]# ***PROBLEM INFO*** [root@diablo]# tcpdump -i eth0 tcpdump: listening on eth0 06:56:44.960022 diablo.digitalsec.net.ssh > 62.93.164.66.4026: P 1133624852:1133624904(52) ack 930872094 win 2920 (DF) [tos 0x10] 06:56:44.972373 63.171.211.171 > 63.223.65.162: icmp: echo request 06:56:44.975421 That's OK with an explicit interface, but without -i (so the default interface has to be looked up) .... [root@diablo]# tcpdump Segmentation fault [root@diablo]# ulimit -c unlimited [root@diablo]# tcpdump Segmentation fault (core dumped) [root@diablo]# gdb -c core /usr/sbin/tcpdump GNU gdb Red Hat Linux (5.3post-0.20021129.18rh) Copyright 2003 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"...(no debugging symbols found)... Core was generated by `tcpdump'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/i686/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done. 
Loaded symbols for /lib/ld-linux.so.2 #0 0x40118ecf in getifaddrs () from /lib/i686/libc.so.6 (gdb) break Breakpoint 1 at 0x40118ecf (gdb) info all eax 0x817eda4 135785892 ecx 0x2c 44 edx 0xffffffff -1 ebx 0x4014f980 1075116416 esp 0xbffff890 0xbffff890 ebp 0xbffff998 0xbffff998 esi 0x41 65 edi 0x42 66 eip 0x40118ecf 0x40118ecf eflags 0x10287 66183 cs 0x23 35 ss 0x2b 43 ds 0x2b 43 es 0x2b 43 fs 0x2b 43 gs 0x2b 43 st0 0 (raw 0x00000000000000000000) st1 0 (raw 0x00000000000000000000) st2 0 (raw 0x00000000000000000000) st3 0 (raw 0x00000000000000000000) st4 0 (raw 0x00000000000000000000) st5 0 (raw 0x00000000000000000000) st6 0 (raw 0x00000000000000000000) st7 0 (raw 0x00000000000000000000) fctrl 0x0 0 fstat 0x0 0 ftag 0x0 0 fiseg 0x0 0 fioff 0x0 0 foseg 0x0 0 fooff 0x0 0 fop 0x0 0 xmm0 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm1 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm2 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm3 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm4 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, 
v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm5 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm6 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} xmm7 {v4_float = {0x0, 0x0, 0x0, 0x0}, v2_double = {0x0, 0x0}, v16_int8 = {0x0 <repeats 16 times>}, v8_int16 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, v4_int32 = {0x0, 0x0, 0x0, 0x0}, v2_int64 = {0x0, 0x0}, uint128 = 0x00000000000000000000000000000000} mxcsr 0x0 0 mm0 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm1 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm2 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm3 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm4 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm5 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm6 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} mm7 {uint64 = 0x0, v2_int32 = {0x0, 0x0}, v4_int16 = {0x0, 0x0, 0x0, 0x0}, v8_int8 = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}} (gdb) info stack #0 0x40118ecf in getifaddrs () from /lib/i686/libc.so.6 #1 0x08082f80 in error () #2 0x080831e9 in error () #3 
0x08078d1f in strcpy () #4 0x40030a07 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) run Starting program: /usr/sbin/tcpdump (no debugging symbols found)...(no debugging symbols found)... Program received signal SIGSEGV, Segmentation fault. 0x40118ecf in getifaddrs () from /lib/i686/libc.so.6 ---------------------------------end gdb---------------------------------- ---------------------------------ltrace---------------------------------- __libc_start_main(0x08078370, 1, 0xbffffbc4, 0x0808e680, 0x0808e6b0 <unfinished ...> strrchr("tcpdump", '/') = NULL getopt(1, 0xbffffbc4, "ac:C:deE:fF:i:lm:nNOpqr:Rs:StT:u"...) = -1 time(NULL) = 1064498452 gmtime(0xbffffa00) = 0x40152420 localtime(0xbffffa00) = 0x40152420 getifaddrs(0xbffff9c8, 0xbffffbc4, 0xbffff9f8, 0x0804b172, 0xbffffa00 <unfinished ...> --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ ---------------------------------end ltrace---------------------------------- I have 62 eth aliases (eth0:1, eth0:2 ... eth0:62). The problem only occurs when all of the aliases are up; with fewer active aliases getifaddrs() returns normally. Note what the traces actually show: the faulting frame (#0) is inside glibc's getifaddrs() in /lib/i686/libc.so.6, not in tcpdump or libpcap, and both ltraces die on the very first getifaddrs() call, which is only made when no -i interface is given (presumably the default-interface lookup in libpcap). The #1/#2 "error ()" and #3 "strcpy ()" frames should not be trusted: the binaries are stripped, so gdb is just naming the nearest exported symbol. I think the problem is in libpcap (it is the caller that is common to both programs), but a tiny standalone program that only calls getifaddrs() on this box would settle whether the bug is in glibc or in libpcap. Also, since the sniffer runs as root, this is at least a local denial of service; the register dump alone does not tell whether it is a plain bad-pointer dereference or a fixed-size buffer being overrun by the long interface list, so the core is worth inspecting for that before treating it as a harmless crash. I have the same problem with arpwatch, which as far as I know also links against libpcap: [root@diablo]# ltrace arpwatch __libc_start_main(0x0804a470, 1, 0xbffffbc4, 0x0805f068, 0x0805f098 <unfinished ...> strrchr("arpwatch", '/') = NULL getopt(1, 0xbffffbc4, "df:i:n:Nr:u:e:s:") = -1 getifaddrs(0xbffff9e8, 1, 1, 0x0806d6f4, 0 <unfinished ...> --- SIGSEGV (Segmentation fault) --- +++ killed by SIGSEGV +++ Any ideas or patches? Thanks in advance. PS: Sorry for my poor English :p Pedro Andújar (Crg) !dSR - Digital Security Research http://www.digitalsec.net