Ethereal-dev: Re: [ethereal-dev] SIGSEGV in strlen() -> packet-smb.c:9023

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Florian Lohoff <flo@xxxxxxxxxx>
Date: Thu, 25 Nov 1999 18:25:57 +0100
On Thu, Nov 25, 1999 at 11:12:46AM -0600, Gilbert Ramirez wrote:
> On Thu, Nov 25, 1999 at 03:12:54PM +0100, Florian Lohoff wrote:
> > 
> > I can reproduce this easily - Our LAN seems to be full
> > of these frames :)
> 
> Can you make a small trace using tcpdump (using the -s and -w flags),
> load it into ethereal, and if it fails, send it to us?

*Grin* I have a trace (140k) which triggers the bug - Currently I have
no clue WHICH packet triggers it, so that I could easily filter it out
and/or do a new trace with "tcpdump" ...

The trace contains some "pw protected" HTTP traffic, so I wouldn't like
to give it out.

Ok - I debugged into ethereal until I got some more info on the
wrong packet ...

(gdb) run
Starting program: /tmp/ethereal-0.7.8/ethereal 

Breakpoint 2, dissect_transact_smb (pd=0x81d1838 "", offset=64, fd=0x81d4288, parent=0x0, tree=0x76, si={tid = 134893952, uid = 4, mid = 0, pid = 0, conversation = 0x0, request_val = 0x40005fe1}, max_data=-72548351, SMB_offset=135836632, errcode=135790592, dirn=-1073749980) at packet-smb.c:9096
(gdb) print *fd
$3 = {next = 0x0, prev = 0x0, num = 1, pkt_len = 150, cap_len = 150, rel_secs = 118, rel_usecs = 97, abs_secs = 943523947, abs_usecs = 237211, del_secs = 116, del_usecs = 109, file_off = 40, cinfo = 0x816aeb4, row = 49, lnk_t = 1, passed_dfilter = 1076958832, encoding = CHAR_ASCII, pseudo_header = {x25 = {flags = 0 '\000'}, ngsniffer_atm = {AppTrafType = 0 '\000', AppHLType = 0 '\000', Vpi = 0, Vci = 0, channel = 0, cells = 0, aal5t_u2u = 0, aal5t_len = 0, aal5t_chksum = 0}, ascend = {type = 0, user = '\000' <repeats 26 times>, "\004\000\000\000øD\035\b", '\000' <repeats 29 times>, sess = 0, call_num = "\000\000\000\000\004\000\000\000(E\035\b", '\000' <repeats 40 times>, "\004\000\000\000XE\035\b\000\000\000", chunk = 0, task = 0}, lapd = {from_network_to_user = 0}}}
(gdb)

Then I extracted all packets with the length of "150" from the dump by

/usr/sbin/tcpdump -x -r SMB-BugTrigger len == 150 -w f

The resulting file (2 packets) is attached ...

Flo
-- 
Florian Lohoff		flo@xxxxxxxxxx		      	+49-5241-470566
  ...  The failure can be random; however, when it does occur, it is
  catastrophic and is repeatable  ...             Cisco Field Notice

Attachment: buggy-packets
Description: Binary data
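The isolation step used in this report (read the frame length out of the gdb dump of `*fd`, then keep only the frames of that length so the reproducer sent to the developers omits the rest of the trace) as a standalone script. This is an added example, not code from the thread, from tcpdump or from Ethereal; `parse_pcap`, `filter_by_length`, `make_pcap` and the sample frames are constructed here, and the filter matches on the on-wire length (tcpdump's `len`, `pkt_len` in the gdb output).

```python
"""Keep only the frames of one exact length from a classic pcap file.

Added example (not the thread's or Ethereal's code); the pcap bytes used
below are constructed here, not the attachment from the mailing list."""
import struct

# magic as read little-endian -> struct endianness prefix for the rest of the file
PCAP_MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}

def parse_pcap(data):
    """Return (24-byte global header, [(16-byte record header, frame bytes), ...])."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in PCAP_MAGIC:
        raise ValueError("not a classic pcap file (unknown magic)")
    endian = PCAP_MAGIC[magic]
    records, pos = [], 24
    while pos + 16 <= len(data):
        hdr = data[pos:pos + 16]
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", hdr)
        frame = data[pos + 16:pos + 16 + incl_len]
        if len(frame) != incl_len:      # truncated trailing record: stop, don't guess
            break
        records.append((hdr, frame))
        pos += 16 + incl_len
    return data[:24], records

def filter_by_length(data, length):
    """Rewrite the capture keeping only records whose on-wire length == `length`
    (the same selection as tcpdump's 'len == 150'). Returns (new pcap bytes, kept count)."""
    ghdr, records = parse_pcap(data)
    endian = PCAP_MAGIC[struct.unpack("<I", ghdr[:4])[0]]
    kept = [(h, f) for h, f in records
            if struct.unpack(endian + "IIII", h)[3] == length]
    return ghdr + b"".join(h + f for h, f in kept), len(kept)

def make_pcap(frames, linktype=1):
    """Build a little-endian pcap with one full-length record per frame (constructed input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 943523947 + i, 0, len(f), len(f)) + f
    return out

# Constructed sample: two 150-byte frames mixed with unrelated traffic.
SAMPLE = make_pcap([b"\xaa" * 60, b"\xff" * 150, b"\xbb" * 1514, b"\xcc" * 150])

if __name__ == "__main__":
    reduced, n = filter_by_length(SAMPLE, 150)
    print(f"kept {n} frame(s), reduced capture is {len(reduced)} bytes")
```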