Ethereal-dev: [Ethereal-dev] Bad conversation data in socks dissector
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: Jeff Foster <jfoste@xxxxxxxxxxxx>
Date: Mon, 8 Jan 2001 12:48:56 -0600
Was - RE: [Ethereal-dev] [grin@xxxxxxxxxxxxxxx: Bug#81164: ethereal: segfault analysing a tcpdump file (dissect_socks)]

This is ugly, but here goes:

1) An smtp packet is sent with source port = 25 (smtp) and dest port = 1080 (socks). The TCP sub-dissector lookup identifies this as smtp and calls dissect_smtp.
2) The smtp dissector creates a conversation.
3) The reply packet, source port = 1080 (socks), dest port = 25 (smtp), comes along; the TCP sub-dissector identifies this as a socks packet.
4) The socks dissector checks for a conversation and finds one. It uses the conversation struct data pointer to get the connection data; this pointer is NULL because the conversation was created by the smtp dissector.
5) CRASH.

I will patch the socks dissector to check for a NULL data pointer in the conversation struct.

The bigger problem: how to keep this cross-talk between conversational dissectors from happening? I'm suggesting that all conversation dissectors set the dissector with the conversation_set_dissector call. This will eliminate the port based lookups and keep a dissector from seeing the conversation data of another dissector.

Jeff Foster
jfoste@xxxxxxxxxxxx

-----Original Message-----
From: Jeff Foster
Sent: Monday, January 08, 2001 9:04 AM
To: 'Frederic Peters'; ethereal-dev@xxxxxxxxxxxx
Cc: 81164-forwarded@xxxxxxxxxxxxxxx; Peter Gervai
Subject: RE: [Ethereal-dev] [grin@xxxxxxxxxxxxxxx: Bug#81164: ethereal: segfault analysing a tcpdump file (dissect_socks)]

As the developer of the ethereal socks dissector I'm a little confused by the line that causes the segfault. Can I have the pcap dumpfile that caused the problem, so I can attempt to correct the problem?
Jeff Foster
jfoste@xxxxxxxxxxxx

-----Original Message-----
From: Frederic Peters [mailto:fpeters@xxxxxxxx]
Sent: Sunday, January 07, 2001 3:41 PM
To: ethereal-dev@xxxxxxxxxxxx
Cc: 81164-forwarded@xxxxxxxxxxxxxxx; Peter Gervai
Subject: [Ethereal-dev] [grin@xxxxxxxxxxxxxxx: Bug#81164: ethereal: segfault analysing a tcpdump file (dissect_socks)]

Hello,

Reported as bug to the Debian bts.

Regards,
Frederic

----- Forwarded message from Peter Gervai <grin@xxxxxxxxxxxxxxx> -----

Date: Thu, 04 Jan 2001 01:04:38 +0100
From: Peter Gervai <grin@xxxxxxxxxxxxxxx>
Subject: Bug#81164: ethereal: segfault analysing a tcpdump file (dissect_socks)
To: submit@xxxxxxxxxxxxxxx
X-Mailer: bug 3.3.7

Package: ethereal
Version: 0.8.14-1
Severity: normal

Sig11 on a pcap dumpfile.

#0  dissect_socks (pd=0x838d710 "", offset=54, fd=0x84100e0, tree=0x0) at packet-socks.c:991
991         if (( hash_info->version == 4) || ( hash_info->version == 5)){
(gdb) bt
#0  dissect_socks (pd=0x838d710 "", offset=54, fd=0x84100e0, tree=0x0) at packet-socks.c:991
#1  0x814fbb5 in dissector_try_port (sub_dissectors=0x82b04c0, port=1080, tvb=0x834bb88, pinfo=0x82aba60, tree=0x0) at packet.c:1303
#2  0x80f813f in decode_tcp_ports (tvb=0x834bb58, offset=20, pinfo=0x82aba60, tree=0x0, src_port=1080, dst_port=25) at packet-tcp.c:417
#3  0x80f8886 in dissect_tcp (tvb=0x834bb58, pinfo=0x82aba60, tree=0x0) at packet-tcp.c:590
#4  0x814fbc8 in dissector_try_port (sub_dissectors=0x82ad948, port=6, tvb=0x834bb58, pinfo=0x82aba60, tree=0x0) at packet.c:1306
#5  0x80a89be in dissect_ip (tvb=0x834bb28, pinfo=0x82aba60, tree=0x0) at packet-ip.c:956
#6  0x814fbc8 in dissector_try_port (sub_dissectors=0x82ad7e8, port=2048, tvb=0x834bb28, pinfo=0x82aba60, tree=0x0) at packet.c:1306
#7  0x809d1f9 in ethertype (etype=2048, tvb=0x834baf8, offset_after_etype=14, pinfo=0x82aba60, tree=0x0, fh_tree=0x814e19b, item_id=377) at packet-ethertype.c:114
#8  0x809cfd9 in dissect_eth (tvb=0x834baf8, pinfo=0x82aba60, tree=0x0) at packet-eth.c:306
#9  0x809dae8 in dissect_frame (tvb=0x834baf8, pinfo=0x82aba60, tree=0x0) at packet-frame.c:135
#10 0x814f791 in dissect_packet (p_tvb=0x848f990, pseudo_header=0x834bf54, pd=0x838d710 "", fd=0x84100e0, tree=0x0) at packet.c:1041
#11 0x814dd02 in epan_dissect_new (pseudo_header=0x834bf54, data=0x838d710 "", fd=0x84100e0, tree=0x0) at epan.c:90
#12 0x811684b in add_packet_to_packet_list (fdata=0x84100e0, cf=0x829b7c0, pseudo_header=0x834bf54, buf=0x838d710 "", refilter=1) at file.c:646
#13 0x8116c0a in read_packet (cf=0x829b7c0, offset=1325504) at file.c:805
#14 0x811619f in read_cap_file (cf=0x829b7c0, err=0xbfffed84) at file.c:356
#15 0x8145cda in file_open_ok_cb (w=0x8343628, fs=0x82ffd80) at file_dlg.c:191
#16 0x1dc8d1 in gtk_marshal_NONE__NONE () from /usr/lib/libgtk-1.2.so.0
#17 0x20b06c in gtk_signal_remove_emission_hook () from /usr/lib/libgtk-1.2.so.0
#18 0x20a4d5 in gtk_signal_set_funcs () from /usr/lib/libgtk-1.2.so.0
#19 0x2085b3 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#20 0x17abe8 in gtk_button_clicked () from /usr/lib/libgtk-1.2.so.0
#21 0x17c20d in gtk_button_get_relief () from /usr/lib/libgtk-1.2.so.0
#22 0x1dc8d1 in gtk_marshal_NONE__NONE () from /usr/lib/libgtk-1.2.so.0
#23 0x20a36f in gtk_signal_set_funcs () from /usr/lib/libgtk-1.2.so.0
#24 0x2085b3 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#25 0x17ab28 in gtk_button_released () from /usr/lib/libgtk-1.2.so.0
#26 0x17bb78 in gtk_button_get_relief () from /usr/lib/libgtk-1.2.so.0
#27 0x1dc55b in gtk_marshal_BOOL__POINTER () from /usr/lib/libgtk-1.2.so.0
#28 0x20a513 in gtk_signal_set_funcs () from /usr/lib/libgtk-1.2.so.0
#29 0x2085b3 in gtk_signal_emit () from /usr/lib/libgtk-1.2.so.0
#30 0x23e96b in gtk_widget_event () from /usr/lib/libgtk-1.2.so.0
#31 0x1dc4c5 in gtk_propagate_event () from /usr/lib/libgtk-1.2.so.0
#32 0x1db6ee in gtk_main_do_event () from /usr/lib/libgtk-1.2.so.0
#33 0x288067 in gdk_wm_protocols_filter () from /usr/lib/libgdk-1.2.so.0
#34 0x2b82d9 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#35 0x2b88e3 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
#36 0x2b8a7c in g_main_run () from /usr/lib/libglib-1.2.so.0
#37 0x1dafe7 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#38 0x8135062 in main (argc=1, argv=0xbffffc44) at main.c:1370
#39 0x32be6c in __libc_start_main () from /lib/libc.so.6
(gdb) p conversation
$6 = (conversation_t *) 0x1
(gdb) p hash_info
$7 = (socks_hash_entry_t *) 0x0

 969    /* new conversation create local data structure */
 970    else {
 971        hash_info = g_mem_chunk_alloc(socks_vals);
 972        hash_info->start_done_row = G_MAXINT;
 973        hash_info->state = None;
 974        hash_info->port = -1;
...
 986
 987    if (check_col(fd, COL_PROTOCOL))
 988        col_set_str(fd, COL_PROTOCOL, "Socks");
 989
 990    if (check_col(fd, COL_INFO)){
 991        if (( hash_info->version == 4) || ( hash_info->version == 5)){
 992            col_add_fstr(fd, COL_INFO, "Version: %d",
 993                hash_info->version);
 994        }
 995        else /* unknown version display error */

Maybe someone forgot to check whether g_mem_chunk_alloc returned allocation failure?

(Just FYI the pcap listed by tcpdump:

15:41:13.492366 ip 62: a.example.com.1068 > b.example.com.smtp: S 17400728:17400728(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
15:41:13.493017 ip 62: b.example.com.smtp > a.example.com.1068: S 3218871106:3218871106(0) ack 17400729 win 32120 <mss 1460,nop,nop,sackOK>
15:41:13.497155 ip 60: a.example.com.1068 > b.example.com.smtp: . ack 1 win 8760 (DF)
15:41:15.113379 ip 128: b.example.com.smtp > a.example.com.1068: P 1:75(74) ack 1 win 32120
15:41:15.121608 ip 69: a.example.com.1068 > b.example.com.smtp: P 1:16(15) ack 75 win 8686 (DF)
    ^^^ segfaults here somewhere
15:41:15.122263 ip 54: b.example.com.smtp > a.example.com.1068: . ack 16 win 32120

and it simply isn't socks, maybe that's why the socks analyzer dies on it.)
-- System Information
Debian Release: woody
Kernel Version: Linux Yikes 2.2.17 #5 Wed Oct 11 13:56:51 CEST 2000 i686 unknown

Versions of the packages ethereal depends on:
ii  libc6       2.2-6     GNU C Library: Shared libraries and Timezone
ii  libglib1.2  1.2.8-1   The GLib library of C routines
ii  libgtk1.2   1.2.8-2   The GIMP Toolkit set of widgets for X
ii  libpcap0    0.5.2-2   System interface for user-level packet captu
ii  xlibs       4.0.2-1   X Window System client libraries
ii  zlib1g      1.1.3-11  compression library - runtime

----- End forwarded message -----

--
Frederic Peters <fpeters@xxxxxxxx>
Debian GNU/Linux : http://www.debian.org
Gaby : http://gaby.netpedia.net
« Work has been the best thing man has found for doing nothing with his life. » R. Vaneigem

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
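The five-step failure sequence in Jeff's message, together with the two remedies he names (the NULL-data check in the socks dissector and registering the owning dissector on the conversation), can be seen in a small model. The C below is an added example and is not Ethereal's code: the conversation table, the dissector_owner tag, the dissect_smtp/dissect_socks signatures, the SOCKS_* result codes and the replay_* helpers are all hypothetical simplifications. The ownership check stands in for what conversation_set_dissector achieves in Ethereal, namely that a conversation is handed to the dissector that registered it instead of being found by a port-based lookup from another protocol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a conversation table (hypothetical, not Ethereal's API).
 * A conversation is found by the unordered port pair, so the reply packet maps
 * to the same entry as the packet that created it, whichever dissector did so. */

typedef enum { OWNER_NONE = 0, OWNER_SMTP, OWNER_SOCKS } dissector_owner;

typedef struct {
    int version;            /* socks' own per-conversation state */
} socks_hash_entry_t;

typedef struct {
    uint16_t port_a, port_b;
    dissector_owner owner;  /* dissector registered for this conversation */
    void *data;             /* that dissector's private state, NULL if none attached */
} conversation_t;

#define MAX_CONV 8
static conversation_t conv_table[MAX_CONV];
static socks_hash_entry_t socks_pool[MAX_CONV];   /* stands in for g_mem_chunk_alloc */
static int conv_count;

void reset_conversations(void) { conv_count = 0; }

static conversation_t *find_conversation(uint16_t sp, uint16_t dp) {
    for (int i = 0; i < conv_count; i++) {
        conversation_t *c = &conv_table[i];
        if ((c->port_a == sp && c->port_b == dp) || (c->port_a == dp && c->port_b == sp))
            return c;
    }
    return NULL;
}

static conversation_t *new_conversation(uint16_t sp, uint16_t dp, dissector_owner owner) {
    if (conv_count >= MAX_CONV) return NULL;
    conversation_t *c = &conv_table[conv_count++];
    c->port_a = sp; c->port_b = dp; c->owner = owner; c->data = NULL;
    return c;
}

/* SMTP side: creates the conversation but attaches no data (step 2 of the thread). */
void dissect_smtp(uint16_t sp, uint16_t dp) {
    if (find_conversation(sp, dp) == NULL)
        new_conversation(sp, dp, OWNER_SMTP);
}

enum { SOCKS_OK = 0, SOCKS_FOREIGN_CONVERSATION = 1, SOCKS_NO_DATA = 2, SOCKS_TABLE_FULL = 3 };

/* socks side with both guards: the ownership check rejects a conversation that
 * belongs to another dissector, and the NULL check is the immediate patch that
 * would have turned the step-5 crash into a clean "no state" result. */
int dissect_socks(uint16_t sp, uint16_t dp, int *version_out) {
    conversation_t *conv = find_conversation(sp, dp);
    if (conv == NULL) {
        conv = new_conversation(sp, dp, OWNER_SOCKS);
        if (conv == NULL) return SOCKS_TABLE_FULL;
        socks_hash_entry_t *fresh = &socks_pool[conv - conv_table];
        fresh->version = 5;          /* constructed: pretend a SOCKS5 greeting was parsed */
        conv->data = fresh;
    }
    if (conv->owner != OWNER_SOCKS) return SOCKS_FOREIGN_CONVERSATION;
    if (conv->data == NULL) return SOCKS_NO_DATA;
    const socks_hash_entry_t *hash_info = conv->data;
    *version_out = hash_info->version;
    return SOCKS_OK;
}

/* Replays the thread's sequence: smtp (25 -> 1080) creates the conversation,
 * then the reply (1080 -> 25) is routed to the socks dissector. */
int replay_bug_81164(void) {
    int version = 0;
    reset_conversations();
    dissect_smtp(25, 1080);
    return dissect_socks(1080, 25, &version);
}

/* A socks-owned conversation that somehow carries no data: exercises the NULL guard. */
int replay_orphaned_socks_conversation(void) {
    int version = 0;
    reset_conversations();
    new_conversation(1080, 25, OWNER_SOCKS);
    return dissect_socks(1080, 25, &version);
}

/* A genuine socks exchange: returns the version seen on the reply direction, or -1. */
int replay_socks_session(void) {
    int version = 0;
    reset_conversations();
    if (dissect_socks(40000, 1080, &version) != SOCKS_OK) return -1;
    if (dissect_socks(1080, 40000, &version) != SOCKS_OK) return -1;
    return version;
}

int main(void) {
    printf("bug 81164 replay: %d (1 = foreign conversation, crash avoided)\n", replay_bug_81164());
    printf("orphaned socks conversation: %d (2 = no data attached)\n", replay_orphaned_socks_conversation());
    printf("socks session: version %d\n", replay_socks_session());
    return 0;
}
```

The replay of the reported sequence returns SOCKS_FOREIGN_CONVERSATION rather than dereferencing a NULL hash_info; in the model the port-pair lookup still finds the smtp conversation, which is why the NULL check alone only papers over the crash and the ownership tag is what stops one dissector from reading another's state.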