Ethereal-dev: [Ethereal-dev] NFS file name snooping problem?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Dr. Uwe Girlich" <Uwe.Girlich@xxxxxxxxxxx>
Date: Wed, 10 Apr 2002 08:05:15 +0200
Hello!

Ethereal and Tethereral have some problems with the attached capture file. It
contains Portmapper, Mount, and NFS packets and I suspect the file name
snooping code, because with "-o nfs.file_name_snooping:FALSE" everything is
fine.

tethereral dumps core after printing out packet 57 (Portmap V3 GETADDR):
Program received signal SIGSEGV, Segmentation fault.
0x400cef00 in chunk_alloc (ar_ptr=0x40163d60, nb=8200) at malloc.c:2948
2948    malloc.c: Datei oder Verzeichnis nicht gefunden.
(gdb) where
#0  0x400cef00 in chunk_alloc (ar_ptr=0x40163d60, nb=8200) at malloc.c:2948
#1  0x400ce5ce in __libc_malloc (bytes=8192) at malloc.c:2696
#2  0x40032236 in g_malloc () from /usr/lib/libglib-1.2.so.0
#3  0x8180ed2 in fgetline (buf=0x82f1334, size=0x82f1330, fp=0x838c7e0) at resolv.c:388
#4  0x818119d in get_ethent (six_bytes=1) at resolv.c:528
#5  0x81812a8 in get_ethbyaddr (addr=0x8370e80 "ÿÿÿÿÿÿ\b") at resolv.c:573
#6  0x81815c2 in eth_name_lookup (addr=0x8370e80 "ÿÿÿÿÿÿ\b") at resolv.c:745
#7  0x8181dd2 in get_ether_name (addr=0x8370e80 "ÿÿÿÿÿÿ\b") at resolv.c:1212
#8  0x817b2a3 in col_set_addr (pinfo=0x8383470, col=3, addr=0x83834bc, is_res=1, is_src=0) at column-utils.c:383
#9  0x817b9a6 in fill_in_columns (pinfo=0x8383470) at column-utils.c:601
#10 0x817bc5b in epan_dissect_fill_in_columns (edt=0x8383468) at epan.c:137
#11 0x816e1e6 in wtap_dispatch_cb_print (user=0xbffff5a8 " Ì/\b", phdr=0x835deb8, offset=8746, pseudo_header=0x835decc, 
    buf=0x8370e80 "ÿÿÿÿÿÿ\b") at tethereal.c:1439
#12 0x817733d in wtap_loop (wth=0x835dea0, count=0, callback=0x816e0c4 <wtap_dispatch_cb_print>, user=0xbffff5a8 " Ì/\b", 
    err=0xbffff5b0) at wtap.c:301
#13 0x816dd65 in load_cap_file (cf=0x82fcc20, out_file_type=2) at tethereal.c:1176
#14 0x816d361 in main (argc=3, argv=0xbffff744) at tethereal.c:738

"tethereal -V" already dumps core after printing out packet 33 (MOUNT V3 MNT):
Program received signal SIGSEGV, Segmentation fault.
chunk_free (ar_ptr=0x40163d60, p=0x83a84a8) at malloc.c:3049
3049    malloc.c: Datei oder Verzeichnis nicht gefunden.
(gdb) where
#0  chunk_free (ar_ptr=0x40163d60, p=0x83a84a8) at malloc.c:3049
#1  0x400cefba in __libc_free (mem=0x83a84b0) at malloc.c:3023
#2  0x4003235d in g_free () from /usr/lib/libglib-1.2.so.0
#3  0x81868c3 in string_fvalue_free (fv=0x8385970) at ftype-string.c:40
#4  0x81854c3 in fvalue_free (fv=0x8385970) at ftypes.c:231
#5  0x817deed in free_node_field_info (finfo=0x8384d78) at proto.c:322
#6  0x817df17 in proto_tree_free_node (node=0x8383b84, data=0x0) at proto.c:339
#7  0x40035612 in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#8  0x400355ec in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#9  0x400355ec in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#10 0x400355ec in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#11 0x400359b6 in g_node_traverse () from /usr/lib/libglib-1.2.so.0
#12 0x817de6e in proto_tree_free (tree=0x8383a08) at proto.c:280
#13 0x817bc16 in epan_dissect_free (edt=0x8383468) at epan.c:113
#14 0x816e3ea in wtap_dispatch_cb_print (user=0xbffff598 " Ì/\b", phdr=0x835deb8, offset=4744, pseudo_header=0x835decc, 
    buf=0x8370e80 "\b") at tethereal.c:1649
#15 0x817733d in wtap_loop (wth=0x835dea0, count=0, callback=0x816e0c4 <wtap_dispatch_cb_print>, user=0xbffff598 " Ì/\b", 
    err=0xbffff5a0) at wtap.c:301
#16 0x816dd65 in load_cap_file (cf=0x82fcc20, out_file_type=2) at tethereal.c:1176
#17 0x816d361 in main (argc=4, argv=0xbffff734) at tethereal.c:738

I suspect a double free() or similar stuff, which destroyed the malloc-table.

Bye, Uwe

Attachment: nfs-fnsnoop.pcap.gz
Description: GNU Zip compressed data