tcpdump report, 4 crashes

Sat Feb 7 09:54:39 2015

tcpdump version 4.7.0-PRE-GIT_2015_02_07
libpcap version 1.7.0-PRE-GIT_2015_02_07

# Crash 1

The problem is in asn1_parse for both of these issues.

## Stack Trace 1
```
asn1_parse
snmp_print
atm_print
sunatm_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

### Backtrace details
```
#0  asn1_parse (ndo=ndo@entry=0x9d2c00, p=<optimized out>, p@entry=0x9d40f4 "F\275AAAX", 'A' <repeats 14 times>, "\016#\227U4", len=<optimized out>, len@entry=1094795590, elem=elem@entry=0x7fffffffca30) at ./print-snmp.c:572
#1  0x00000000005a2832 in snmp_print (ndo=0x9d2c00, np=0x9d40f4 "F\275AAAX", 'A' <repeats 14 times>, "\016#\227U4", length=1094795590) at ./print-snmp.c:1856
#2  0x000000000043f59e in atm_print (ndo=0x9d2c00, vpi=0, vci=16, traftype=0, p=0x9d40f4 "F\275AAAX", 'A' <repeats 14 times>, "\016#\227U4", length=1094795590, caplen=70) at ./print-atm.c:328
#3  0x00000000005a6606 in sunatm_if_print (ndo=0x9d2c00, h=<optimized out>, p=0x9d40f4 "F\275AAAX", 'A' <repeats 14 times>, "\016#\227U4") at ./print-sunatm.c:104
#4  0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x9d40f0 "") at ./tcpdump.c:2326
#5  0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#6  0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#7  0x000000000040907a in main (argc=<optimized out>, argv=<optimized out>) at ./tcpdump.c:1866
#8  0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x000000000040b6b1 in _start ()
```
###Files:
```
https://in2void.com/users/kbandla/research/tcpdump/pcaps/5608064a5386038fe344a335c2024694
```

## Stack Trace 2
```
asn1_print
snmp_print
atm_print
sunatm_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

### Backtrace details

```
#0 0x000000000059e5de in asn1_print (ndo=ndo@entry=0x9d2c00, elem=elem@entry=0x7fffffffca30) at ./print-snmp.c:792
#1 0x00000000005a290e in snmp_print (ndo=0x9d2c00, np=, length=) at ./print-snmp.c:1874
#2 0x000000000043f59e in atm_print (ndo=0x9d2c00, vpi=0, vci=16, traftype=0, p=0x9d40f4 "\004\274\234\067\377", length=4294967110, caplen=70) at ./print-atm.c:328
#3 0x00000000005a6606 in sunatm_if_print (ndo=0x9d2c00, h=, p=0x9d40f4 "\004\274\234\067\377") at ./print-sunatm.c:104
#4 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x9d40f0 <incomplete sequence \351>) at ./tcpdump.c:2326
#5 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#6 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#7 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#8 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9 0x000000000040b6b1 in _start ()
```

###Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/3d72f7b3ed184fe3586b80504ae323dc


# Crash 2 
4 backtraces leading to the same issue

## Stack Trace 1:

```
esis_print
null_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

### Backtrace details
```
#0 0x00000000004d6894 in esis_print (ndo=0x9d2c00, pptr=, length=) at ./print-isoclns.c:1059
#1 0x000000000052604d in null_if_print (ndo=0x9d2c00, h=, p=0x9d40f4 "\202") at ./print-null.c:119
#2 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x9d40f0 "") at ./tcpdump.c:2326
#3 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#4 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#5 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#6 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#7 0x000000000040b6b1 in _start ()
```

###Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/82aad133166283288e665a36ea8bac1e


## Stack Trace 2
```
esis_print
ethertype_print
ether_print
ether_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

### Backtrace details
```
#0 0x00000000004d68e4 in esis_print (ndo=0x9d2c00, pptr=, length=) at ./print-isoclns.c:1059
#1 0x000000000047ed3e in ethertype_print (ndo=ndo@entry=0x9d2c00, ether_type=ether_type@entry=34888, p=0x9d40fe "", length=length@entry=2290649148, caplen=caplen@entry=60) at ./print-ether.c:403
#2 0x00000000004809b9 in ether_print (ndo=0x9d2c00, p=, length=, caplen=, print_encap_header=print_encap_header@entry=0, encap_header_arg=encap_header_arg@entry=0x0) at ./print-ether.c:222
#3 0x00000000004812e3 in ether_if_print (ndo=, h=, p=) at ./print-ether.c:246
#4 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x9d40f0 "\210\210\210\210\210\210\210\210\210\210\210\210\210H") at ./tcpdump.c:2326
#5 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#6 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#7 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#8 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#9 0x000000000040b6b1 in _start ()
```

###Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/6e094acb6f2f954ac93982e0996d747f


## Stack Trace 3

```
esis_print
fr_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

### Backtrace details
```
#0 0x00000000004d6880 in esis_print (ndo=0x9d2c00, pptr=, length=) at ./print-isoclns.c:1059
#1 0x000000000049ea9a in fr_print (ndo=0x9d2c00, p=0x9d40f6 "\003\001\203\203\203\203aa", length=4194303993) at ./print-fr.c:328
#2 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x9d40f0 "") at ./tcpdump.c:2326
#3 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#4 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#5 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#6 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#7 0x000000000040b6b1 in _start ()
```

###Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/6923ac3f447bb23a6100cedaab56534d


## Stack Trace 4

```
esis_print
ppp_print
ppp_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

### Backtrace details
```
#0 esis_print (ndo=0x9d2c00, pptr=, length=) at ./print-isoclns.c:1059
#1 0x00000000005568d1 in ppp_print (ndo=0x9d2c00, p=0x7ffff7fb1011 "\202", length=4294246416) at ./print-ppp.c:1555
#2 0x0000000000556bc2 in ppp_if_print (ndo=, h=, p=) at ./print-ppp.c:1617
#3 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x7ffff7fb1010 "#\202") at ./tcpdump.c:2326
#4 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#5 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#6 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#7 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#8 0x000000000040b6b1 in _start ()
```

###Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/548cc194cc6d73defc79b0c1898ee88f



# Crash 3
## Stack Trace:

```
wb_prep
wb_print
ip_print_demux
ip_print
ethertype_print
ether_print
ether_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

## Backtrace details
```
#0 wb_prep (len=, prep=, ndo=0x9d2c00) at ./print-wb.c:280
#1 wb_print (ndo=0x9d2c00, hdr=, len=) at ./print-wb.c:444
#2 0x00000000004af8ed in ip_print_demux (ndo=ndo@entry=0x9d2c00, ipds=ipds@entry=0x7fffffffca60) at ./print-ip.c:383
#3 0x00000000004acc75 in ip_print (ndo=0x9d2c00, bp=, length=) at ./print-ip.c:650
#4 0x000000000047f18e in ethertype_print (ndo=ndo@entry=0x9d2c00, ether_type=ether_type@entry=2048, p=0x9d40fe "E\020", length=length@entry=436211777, caplen=caplen@entry=50) at ./print-ether.c:323
#5 0x00000000004809b9 in ether_print (ndo=0x9d2c00, p=, length=, caplen=, print_encap_header=print_encap_header@entry=0, encap_header_arg=encap_header_arg@entry=0x0) at ./print-ether.c:222
#6 0x00000000004812e3 in ether_if_print (ndo=, h=, p=) at ./print-ether.c:246
#7 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x9d40f0 "") at ./tcpdump.c:2326
#8 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#9 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#10 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#11 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x000000000040b6b1 in _start ()
```

##Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/8ea0c5df5ab1cdbff08e9d5fa23a5064


# Crash 4
## Stack Trace:

```
fn_print
wb_id
wb_print
ip_print_demux
ip_print
ethertype_print
ether_print
ether_if_print
print_packet
pcap_offline_read
pcap_loop
main
__libc_start_main
_start
```

## Backtrace details
```
#0 fn_print (ndo=0x9d2c00, s=0x7ffff80085da <Address 0x7ffff80085da out of bounds>, ep=0x8000f7fb133a <Address 0x8000f7fb133a out of bounds>) at ./util.c:71
#1 0x00000000005c743f in wb_id (len=4294610272, id=, ndo=0x9d2c00) at ./print-wb.c:207
#2 wb_print (ndo=0x9d2c00, hdr=, len=) at ./print-wb.c:419
#3 0x00000000004af8ed in ip_print_demux (ndo=ndo@entry=0x9d2c00, ipds=ipds@entry=0x7fffffffca60) at ./print-ip.c:383
#4 0x00000000004acc75 in ip_print (ndo=0x9d2c00, bp=, length=) at ./print-ip.c:650
#5 0x000000000047f18e in ethertype_print (ndo=ndo@entry=0x9d2c00, ether_type=ether_type@entry=2048, p=0x7ffff7fb101e "g\020u<\234\067@", length=length@entry=570425404, caplen=caplen@entry=86) at ./print-ether.c:323
#6 0x00000000004809b9 in ether_print (ndo=0x9d2c00, p=, length=, caplen=, print_encap_header=print_encap_header@entry=0, encap_header_arg=encap_header_arg@entry=0x0) at ./print-ether.c:222
#7 0x00000000004812e3 in ether_if_print (ndo=, h=, p=) at ./print-ether.c:246
#8 0x000000000040cc46 in print_packet (user=0x7fffffffcd10 "", h=0x7fffffffcbf0, sp=0x7ffff7fb1010 "") at ./tcpdump.c:2326
#9 0x00007ffff7ba0c47 in pcap_offline_read (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./savefile.c:409
#10 0x00007ffff7b462f8 in pcap_loop (p=0x9d4d90, cnt=-1, callback=0x40cae0 <print_packet>, user=0x7fffffffcd10 "") at ./pcap.c:861
#11 0x000000000040907a in main (argc=, argv=) at ./tcpdump.c:1866
#12 0x00007ffff77a9ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x000000000040b6b1 in _start ()
```

##Files:

https://in2void.com/users/kbandla/research/tcpdump/pcaps/040d3a6eee9efe5a7e427a5e3bdc2385
