Negative-size-param memset in dlt_radiotap_get_80211 #402

Closed
koreamalware opened this issue Jun 2, 2017 · 5 comments

koreamalware commented Jun 2, 2017

Hi.

I found a crash in tcprewrite.

Please confirm.

OS: Ubuntu 16.04.2 32bit
To reproduce: ./tcprewrite -i dlt_radiotap_get_80211 -o /dev/null
tcprewrite version: 4.2.6 (build git:v4.2.6)
Copyright 2013-2017 by Fred Klassen - AppNeta
Copyright 2000-2012 by Aaron Turner
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.7.4
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
Fragroute engine: disabled

ASan information

==24778==ERROR: AddressSanitizer: negative-size-param: (size=-18870)
#0 0xb72aeb04 in __asan_memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ab04)
#1 0xb72aec2f in memcpy (/usr/lib/i386-linux-gnu/libasan.so.2+0x8ac2f)
#2 0x806b6de in dlt_radiotap_get_80211 plugins/dlt_radiotap/radiotap.c:353
#3 0x806b10e in dlt_radiotap_proto plugins/dlt_radiotap/radiotap.c:231
#4 0x805d69e in tcpedit_dlt_proto plugins/dlt_plugins.c:335
#5 0x804df92 in tcpedit_packet /home/karas/gwanyeong/tcpreplay-4.2.6/src/tcpedit/tcpedit.c:121
#6 0x804d598 in rewrite_packets /home/karas/gwanyeong/tcpreplay-4.2.6/src/tcprewrite.c:290
#7 0x804cbbc in main /home/karas/gwanyeong/tcpreplay-4.2.6/src/tcprewrite.c:131
#8 0xb7041636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
#9 0x804a190 (/home/karas/gwanyeong/tcpreplay-4.2.6/src/tcprewrite+0x804a190)

0xb4019200 is located 18944 bytes inside of 65549-byte region [0xb4014800,0xb402480d)
allocated by thread T0 here:
#0 0xb72badee in malloc (/usr/lib/i386-linux-gnu/libasan.so.2+0x96dee)
#1 0x8073669 in _our_safe_malloc /home/karas/gwanyeong/tcpreplay-4.2.6/src/common/utils.c:46
#2 0x804d3f0 in rewrite_packets /home/karas/gwanyeong/tcpreplay-4.2.6/src/tcprewrite.c:248
#3 0x804cbbc in main /home/karas/gwanyeong/tcpreplay-4.2.6/src/tcprewrite.c:131
#4 0xb7041636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)

SUMMARY: AddressSanitizer: negative-size-param ??:0 __asan_memcpy
==24778==ABORTING

PoC: Download

Thanks.
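The trace above shows the failure class rather than a specific bug: a length derived from the radiotap header is subtracted from the captured packet length without first checking that the header fits inside the packet, and the resulting negative value reaches memcpy. The following C example is added here and is not tcpreplay's code; it does not claim to reproduce the exact arithmetic at radiotap.c:353. It assumes only the standard radiotap fixed header (it_version u8, it_pad u8, it_len u16 little-endian, it_present u32 little-endian), and the sample packets and the function names radiotap_get_80211, unchecked_80211_len and the demo_* helpers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fixed part of a radiotap header: it_version(u8), it_pad(u8),
 * it_len(u16 LE, total header length including optional fields),
 * it_present(u32 LE). Standard layout, not tcpreplay-specific. */
#define RADIOTAP_FIXED_LEN 8

enum rtap_status {
    RTAP_OK = 0,
    RTAP_ERR_SHORT,    /* packet shorter than the fixed radiotap header */
    RTAP_ERR_VERSION,  /* it_version must be 0 */
    RTAP_ERR_BAD_LEN,  /* it_len < 8 or it_len > captured length */
    RTAP_ERR_NOSPACE   /* 802.11 frame does not fit in the output buffer */
};

static uint16_t rd_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Buggy pattern (hypothetical, shown for contrast): trust it_len and hand
 * pktlen - it_len to memcpy. As int the result goes negative; converted to
 * size_t it becomes huge. ASan reports exactly that as negative-size-param. */
static int unchecked_80211_len(size_t pktlen, const uint8_t *pkt)
{
    return (int)pktlen - (int)rd_le16(pkt + 2);
}

/* Hardened extraction: validate it_len against the captured length before
 * computing the payload size, so the subtraction cannot wrap. */
int radiotap_get_80211(const uint8_t *pkt, size_t pktlen,
                       uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (pktlen < RADIOTAP_FIXED_LEN) return RTAP_ERR_SHORT;
    if (pkt[0] != 0) return RTAP_ERR_VERSION;

    size_t it_len = rd_le16(pkt + 2);
    if (it_len < RADIOTAP_FIXED_LEN || it_len > pktlen) return RTAP_ERR_BAD_LEN;

    size_t frame_len = pktlen - it_len;   /* now in [0, pktlen - 8], cannot wrap */
    if (frame_len > out_cap) return RTAP_ERR_NOSPACE;

    memcpy(out, pkt + it_len, frame_len);
    *out_len = frame_len;
    return RTAP_OK;
}

/* Constructed sample packets (not the reporter's PoC). */
static const uint8_t BENIGN_PKT[] = {
    0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,            /* radiotap, it_len = 8 */
    0x08, 0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF /* 10-byte 802.11 stub */
};
static const uint8_t OVERSIZED_PKT[] = {
    0x00, 0x00, 0xFF, 0x7F, 0x00, 0x00, 0x00, 0x00,            /* it_len = 0x7FFF > pktlen */
    0x08, 0x02, 0x00, 0x00
};
static const uint8_t TRUNCATED_PKT[] = { 0x00, 0x00, 0x08, 0x00, 0x00 }; /* 5 bytes only */

size_t demo_benign_len(void)
{
    uint8_t out[64]; size_t n = 0;
    return radiotap_get_80211(BENIGN_PKT, sizeof BENIGN_PKT, out, sizeof out, &n) == RTAP_OK ? n : 0;
}

int demo_oversized_status(void)
{
    uint8_t out[64]; size_t n = 0;
    return radiotap_get_80211(OVERSIZED_PKT, sizeof OVERSIZED_PKT, out, sizeof out, &n);
}

int demo_truncated_status(void)
{
    uint8_t out[64]; size_t n = 0;
    return radiotap_get_80211(TRUNCATED_PKT, sizeof TRUNCATED_PKT, out, sizeof out, &n);
}

int demo_oversized_unchecked_len(void)
{
    return unchecked_80211_len(sizeof OVERSIZED_PKT, OVERSIZED_PKT); /* 12 - 32767 */
}

int main(void)
{
    printf("benign: 802.11 frame length %zu\n", demo_benign_len());
    printf("oversized it_len: hardened status %d, unchecked length %d\n",
           demo_oversized_status(), demo_oversized_unchecked_len());
    printf("truncated capture: hardened status %d\n", demo_truncated_status());
    return 0;
}
```

Build with `-fsanitize=address` and feed the unchecked length to a memcpy to see the same negative-size-param report the issue shows; the hardened path rejects the packet before any copy happens. The check that matters is the pair `it_len >= 8 && it_len <= pktlen`, performed on the captured length (caplen), not the on-wire length, because a truncated capture is exactly the case where the two differ.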

fklassen self-assigned this Jun 2, 2017
fklassen added the bug label Jun 2, 2017
fklassen (Member) commented Jun 2, 2017

Thanks for the bug report. I have reproduced the error.

koreamalware (Author) commented

Hi

Can you tell me the bug patch (commit) plan?

Thanks.

fklassen (Member) commented Jun 9, 2017

This bug has not been scheduled. We just released a large set of fixes, and probably will not be scheduling any more fixes this summer. If you consider this high priority and a blocker to your work, I can try to move this up.

koreamalware (Author) commented

Hi.

Thank you for the answer.

Since this is not a critical problem, do as you please.

Thanks.

fklassen added a commit that referenced this issue Jan 23, 2018
* #402 fix potential overruns in all DLT plugins

fklassen (Member) commented

fixed in PR #454

fklassen added a commit that referenced this issue Oct 19, 2018
* Enhancement_#493_codacy_fixes: (26 commits)
  Enhancement #493 - fixes for Codacy identified issues
  Bug #486 Enforce max snaplen rather than doing realloc
  Bug #486 CVE-2018-17974 realloc memory if packet size increases
  Bug #484 CVE-2018-17582 Check for corrupt PCAP files
  4.3 - revert travis updates from merge
  Remove dead code
  resolve possible null pointer dereference
  travis-ci: add autogen package
  Bug #461 build warnings (#462)
  #412 fix gcc 6.3 compiler warning
  #421 fix ms to ns conversion
  Bug #423 remove commented code
  Bug #423 Remove limit for tcpprep -S
  Bug #398 Rewrite of tcpdump.c (#457)
  Bug #402 memset dlt radiotap get 80211 (#454)
  #404 fix check_list return values (#453)
  #406 fix zero-length IP headers
  #416 apply STDIN restore to all programs
  #416 fix compile issue introduced by downstream PR
  #416 update CHANGELOG [ci skip]
  ...