bin/76497: tcpdump dumps core on ppp ipv6cp packets

Giorgos Keramidas keramida at freebsd.org
Thu Jan 20 09:30:31 PST 2005


The following reply was made to PR bin/76497; it has been noted by GNATS.

From: Giorgos Keramidas <keramida at freebsd.org>
To: Janos Mohacsi <janos.mohacsi at bsd.hu>
Cc: bug-followup at freebsd.org, matthias.andree at web.de
Subject: Re: bin/76497: tcpdump dumps core on ppp ipv6cp packets
Date: Thu, 20 Jan 2005 19:29:15 +0200

 On 2005-01-20 13:14, Janos Mohacsi <mohacsi at niif.hu> wrote:
 > Try to read into the tcpdump the attached uuencoded ip6cp packet.
 >
 > begin 644 ip6cp_packet
 > MU,.RH0(`!````````````/__```!````$%'O02,!!@`\````/``````"/SM!
 > M^@`*0DOL'(AD$0#=^P`0@%<!`0`.`0H``````````0``````````````````
 > *````````````````
 > `
 > end
 
 True!
 
 This makes tcpdump segfault in CURRENT too.  Building an unstripped,
 debug version of tcpdump gives:
 
 % (gdb) bt
 % #0  0x00000000 in ?? ()
 % #1  0x0806d194 in handle_ctrl_proto (proto=32855, pptr=0x8184018 "\001\001", length=14)
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:447
 % #2  0x0806e477 in handle_ppp (proto=0, p=0x8184018 "\001\001", length=14)
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:1064
 % #3  0x0806e5fb in ppp_print (p=0x8184018 "\001\001", length=14)
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ppp.c:1146
 % #4  0x0806eac0 in pppoe_print (bp=0x8184010 "\021", length=46)
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-pppoe.c:212
 % #5  0x0805aacf in ether_encap_print (ether_type=34916, p=0x8184010 "\021", length=46, caplen=46, extracted_ether_type=0xbfbfe73a)
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ether.c:257
 % #6  0x0805a5e1 in ether_print (p=0x8184010 "\021", length=46, caplen=46)
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ether.c:142
 % #7  0x0805a723 in ether_if_print (h=0x0, p=0x8184002 "")
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/print-ether.c:162
 % #8  0x08083724 in print_packet (user=0x0, h=0xbfbfe7e0, sp=0x8184002 "")
 %     at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/tcpdump.c:1010
 % #9  0x280d69a6 in pcap_offline_read () from /usr/lib/libpcap.so.3
 % #10 0x280e2750 in pcap_loop () from /usr/lib/libpcap.so.3
 % #11 0x0808321f in main (argc=3, argv=0x80836f0) at /usr/src/usr.sbin/tcpdump/tcpdump/../../../contrib/tcpdump/tcpdump.c:803
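Two details in the backtrace frame the bug: frame #0 sits at address 0x00000000, which is what a call through a null function pointer looks like, and the failing frame is handle_ctrl_proto with proto=32855, which is 0x8057, the PPP IPv6CP protocol number. The block below is an added example written for this follow-up, not tcpdump's or FreeBSD's code, showing how a control-protocol dispatcher can be structured so that a protocol with no registered decoder (IPv6CP here, by construction) is reported instead of called, and so that the packet's own length fields are checked against the captured length before any option is walked. The table, function names, result codes and the three sample packets are all hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* PPP control-protocol numbers (RFC 1661, RFC 1332, RFC 2472). */
#define PPP_LCP    0xc021
#define PPP_IPCP   0x8021
#define PPP_IPV6CP 0x8057   /* decimal 32855, the proto value in the trace */

/* Dispatcher result codes (constructed for this example). */
enum { CP_OK = 0, CP_TRUNCATED = -1, CP_NO_HANDLER = -2, CP_BAD_LENGTH = -3 };

/* A per-protocol option printer: p points at one option (type, len, data).
 * Returns the option length it consumed, or -1 if the option is malformed. */
typedef int (*opt_printer)(const uint8_t *p, size_t len);

/* Option walker shared by the registered decoders. Every option carries a
 * 1-byte type and a 1-byte length that includes those two bytes, so
 * len < 2 or len > remaining is malformed. */
static int print_generic_opt(const char *proto, const uint8_t *p, size_t len)
{
    if (len < 2)
        return -1;
    unsigned type = p[0], olen = p[1];
    if (olen < 2 || olen > len)
        return -1;
    printf("  %s option type %u, len %u\n", proto, type, olen);
    return (int)olen;
}
static int print_lcp_opt(const uint8_t *p, size_t len)  { return print_generic_opt("LCP", p, len); }
static int print_ipcp_opt(const uint8_t *p, size_t len) { return print_generic_opt("IPCP", p, len); }

struct cp_entry { uint16_t proto; const char *name; opt_printer print; };

/* Hypothetical dispatch table. IPv6CP is known by name but deliberately has
 * no option printer registered, to exercise the missing-handler path. */
static const struct cp_entry cp_table[] = {
    { PPP_LCP,    "LCP",    print_lcp_opt },
    { PPP_IPCP,   "IPCP",   print_ipcp_opt },
    { PPP_IPV6CP, "IPv6CP", NULL },
};

/* Decode a control-protocol packet: 1-byte code, 1-byte id, 2-byte length
 * (network order), then options. Never calls a NULL handler and never reads
 * past `length`, the number of bytes actually captured. */
int handle_ctrl_proto_safe(uint16_t proto, const uint8_t *pptr, size_t length)
{
    const struct cp_entry *e = NULL;
    for (size_t i = 0; i < sizeof cp_table / sizeof cp_table[0]; i++)
        if (cp_table[i].proto == proto) { e = &cp_table[i]; break; }
    if (e == NULL) {
        printf("unknown control protocol 0x%04x\n", proto);
        return CP_NO_HANDLER;
    }
    if (length < 4) {
        printf("%s: truncated header (%zu bytes)\n", e->name, length);
        return CP_TRUNCATED;
    }
    unsigned code = pptr[0], id = pptr[1];
    size_t plen = ((size_t)pptr[2] << 8) | pptr[3];
    if (plen < 4 || plen > length) {
        printf("%s: bad length field %zu (captured %zu)\n", e->name, plen, length);
        return CP_BAD_LENGTH;
    }
    printf("%s code %u id %u len %zu\n", e->name, code, id, plen);

    /* The guard that matters here: a missing decoder is reported, not called. */
    if (e->print == NULL) {
        printf("  (options for %s not decoded)\n", e->name);
        return CP_NO_HANDLER;
    }
    const uint8_t *p = pptr + 4;
    size_t rem = plen - 4;
    while (rem > 0) {
        int used = e->print(p, rem);
        if (used < 0) {
            printf("  malformed option\n");
            return CP_BAD_LENGTH;
        }
        p += used;
        rem -= (size_t)used;
    }
    return CP_OK;
}

/* Constructed IPv6CP Configure-Request (code 1, id 1, length 14) carrying one
 * Interface-Identifier option (type 1, len 10); the shape matches the trace's
 * pptr="\001\001", length=14. Not the bytes from the uuencoded attachment. */
static const uint8_t ipv6cp_pkt[14] = {
    0x01, 0x01, 0x00, 0x0e, 0x01, 0x0a, 0, 0, 0, 0, 0, 0, 0, 1 };
/* Constructed IPCP Configure-Request with one IP-Address option (type 3). */
static const uint8_t ipcp_pkt[10] = {
    0x01, 0x02, 0x00, 0x0a, 0x03, 0x06, 10, 0, 0, 1 };
/* Constructed IPCP packet whose option claims length 0 (malformed). */
static const uint8_t bad_opt_pkt[6] = { 0x01, 0x03, 0x00, 0x06, 0x03, 0x00 };

int main(void)
{
    handle_ctrl_proto_safe(PPP_IPV6CP, ipv6cp_pkt, sizeof ipv6cp_pkt); /* CP_NO_HANDLER */
    handle_ctrl_proto_safe(PPP_IPCP, ipcp_pkt, sizeof ipcp_pkt);       /* CP_OK */
    handle_ctrl_proto_safe(PPP_IPCP, bad_opt_pkt, sizeof bad_opt_pkt); /* CP_BAD_LENGTH */
    return 0;
}
```

The example deliberately separates "protocol not in the table" from "protocol in the table without a decoder"; both end in CP_NO_HANDLER, but the second is the case a table-driven printer most easily gets wrong, because the name lookup succeeds and the code carries on to the function pointer. Checking the handler pointer right before the call, rather than trusting that every table row is complete, is the cheap guard that turns this class of crash into a one-line "not decoded" message.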
 

