[Bug] NULL Pointer Dereference in ports2PORT at portmap.c:112
Opened this issue · 0 comments
bigben-plusplus commented
Describe the bug
There is a NULL Pointer Dereference in ports2PORT when the user passes an ill-formatted portmap string to tcprewrite with option -r or --portmap.
To Reproduce
Steps to reproduce the behavior:
- download the tcpreplay-4.4.4 release and build it
wget https://github.com/appneta/tcpreplay/releases/download/v4.4.4/tcpreplay-4.4.4.tar.xz
tar xJf tcpreplay-4.4.4.tar.xz && cd tcpreplay-4.4.4 && ./configure && make -j8 && make install
- inject an ill-formatted '--portmap PORT1s-PORT1e:PORT2' into tcprewrite; the program crashes when PORT1e is absent
[root@b545adff9ebe dev]# tcpprep -c 172.17.0.1/32 -i in.pcap -o in.pcap.cache
[root@b545adff9ebe dev]# tcprewrite -r 1:2 -i in.pcap -c in.pcap.cache -o out.pcap
[root@b545adff9ebe dev]# tcprewrite -r 1-:2 -i in.pcap -c in.pcap.cache -o out.pcap
Segmentation fault (core dumped)
[root@b545adff9ebe dev]#
PS: any valid in.pcap with the given --portmap string may reproduce the case.
Expected behavior
Program crashes with SEGV.
Screenshots
[root@b545adff9ebe dev]# gdb tcprewrite
GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-120.el7
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/bin/tcprewrite...done.
(gdb) r -r 1-:2 -i in.pcap -c in.pcap.cache -o out.pcap
Starting program: /usr/local/bin/tcprewrite -r 1-:2 -i in.pcap -c in.pcap.cache -o out.pcap
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff73e4fe7 in ____strtoll_l_internal () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-326.el7_9.3.x86_64 libpcap-1.5.3-13.el7_9.x86_64
(gdb) bt
#0 0x00007ffff73e4fe7 in ____strtoll_l_internal () from /lib64/libc.so.6
#1 0x000000000040685e in ports2PORT (ports=<optimized out>) at portmap.c:112
#2 0x0000000000406c6c in parse_portmap (portmap=portmap@entry=0x633e68,
ourstr=<optimized out>) at portmap.c:191
#3 0x0000000000404618 in tcpedit_post_args (tcpedit=0x6335e0)
at parse_args.c:184
#4 0x000000000040268c in main (argc=0, argv=<optimized out>)
at tcprewrite.c:84
(gdb) info reg
rax 0x7ffff776ff00 140737345158912
rbx 0x634810 6506512
rcx 0x0 0
rdx 0xa 10
rsi 0x7fffffffe588 140737488348552
rdi 0x0 0
rbp 0x0 0x0
rsp 0x7fffffffe520 0x7fffffffe520
r8 0x7ffff7772060 140737345167456
r9 0x6347f1 6506481
r10 0x1 1
r11 0x0 0
r12 0x1 1
r13 0x0 0
r14 0x2 2
r15 0x633010 6500368
rip 0x7ffff73e4fe7 0x7ffff73e4fe7 <____strtoll_l_internal+55>
eflags 0x10283 [ CF SF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb)
System (please complete the following information):
- OS: CentOS Linux release 7.9.2009 (Core)
- Tcpreplay Version: 4.4.4
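As an added illustration of the hardening this report calls for (example code written for this page, not tcpreplay's own portmap.c): a parser for the PORT1s[-PORT1e]:PORT2 entry syntax that validates every token before it reaches strtol(), so a truncated range such as the report's `1-:2` is rejected instead of dereferenced. The struct and function names are hypothetical.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

struct portmap_entry { long from_start, from_end, to; };

/* Parse one decimal port (0-65535) from a NUL-terminated token.
 * A NULL or empty token is rejected here instead of reaching strtol(). */
static bool parse_port(const char *tok, long *out)
{
    char *end;
    long v;
    if (tok == NULL || *tok == '\0')
        return false;
    errno = 0;
    v = strtol(tok, &end, 10);
    if (errno != 0 || end == tok || *end != '\0' || v < 0 || v > 65535)
        return false;
    *out = v;
    return true;
}

/* Parse "PORT1s:PORT2" or "PORT1s-PORT1e:PORT2" (hypothetical helper).
 * Returns 0 on success, -1 on any malformed input; never crashes. */
int parse_portmap_entry(const char *s, struct portmap_entry *e)
{
    char buf[64], *colon, *dash;
    if (s == NULL || strlen(s) >= sizeof buf)
        return -1;
    strcpy(buf, s);                      /* work on a private copy */
    colon = strchr(buf, ':');
    if (colon == NULL)
        return -1;
    *colon = '\0';                       /* buf = source side, colon+1 = dest */
    dash = strchr(buf, '-');
    if (dash != NULL) {
        *dash = '\0';                    /* "1-" leaves an empty end token */
        if (!parse_port(buf, &e->from_start) || !parse_port(dash + 1, &e->from_end))
            return -1;
    } else {
        if (!parse_port(buf, &e->from_start))
            return -1;
        e->from_end = e->from_start;
    }
    if (e->from_end < e->from_start || !parse_port(colon + 1, &e->to))
        return -1;
    return 0;
}
```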