Ethereal-dev: [Ethereal-dev] NFS file name snooping problem?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Dr. Uwe Girlich" <Uwe.Girlich@xxxxxxxxxxx>
Date: Wed, 10 Apr 2002 08:05:15 +0200
Hello!

Ethereal and Tethereal have some problems with the attached capture file. It
contains Portmapper, Mount, and NFS packets and I suspect the file name
snooping code, because with "-o nfs.file_name_snooping:FALSE" everything is
fine.

tethereal dumps core after printing out packet 57 (Portmap V3 GETADDR):
Program received signal SIGSEGV, Segmentation fault.
0x400cef00 in chunk_alloc (ar_ptr=0x40163d60, nb=8200) at malloc.c:2948
2948    malloc.c: No such file or directory.
(gdb) where
#0  0x400cef00 in chunk_alloc (ar_ptr=0x40163d60, nb=8200) at malloc.c:2948
#1  0x400ce5ce in __libc_malloc (bytes=8192) at malloc.c:2696
#2  0x40032236 in g_malloc () from /usr/lib/libglib-1.2.so.0
#3  0x8180ed2 in fgetline (buf=0x82f1334, size=0x82f1330, fp=0x838c7e0) at resolv.c:388
#4  0x818119d in get_ethent (six_bytes=1) at resolv.c:528
#5  0x81812a8 in get_ethbyaddr (addr=0x8370e80 "������\b") at resolv.c:573
#6  0x81815c2 in eth_name_lookup (addr=0x8370e80 "������\b") at resolv.c:745
#7  0x8181dd2 in get_ether_name (addr=0x8370e80 "������\b") at resolv.c:1212
#8  0x817b2a3 in col_set_addr (pinfo=0x8383470, col=3, addr=0x83834bc, is_res=1, is_src=0) at column-utils.c:383
#9  0x817b9a6 in fill_in_columns (pinfo=0x8383470) at column-utils.c:601
#10 0x817bc5b in epan_dissect_fill_in_columns (edt=0x8383468) at epan.c:137
#11 0x816e1e6 in wtap_dispatch_cb_print (user=0xbffff5a8 " �/\b", phdr=0x835deb8, offset=8746, pseudo_header=0x835decc, 
    buf=0x8370e80 "������\b") at tethereal.c:1439
#12 0x817733d in wtap_loop (wth=0x835dea0, count=0, callback=0x816e0c4 <wtap_dispatch_cb_print>, user=0xbffff5a8 " �/\b", 
    err=0xbffff5b0) at wtap.c:301
#13 0x816dd65 in load_cap_file (cf=0x82fcc20, out_file_type=2) at tethereal.c:1176
#14 0x816d361 in main (argc=3, argv=0xbffff744) at tethereal.c:738

"tethereal -V" already dumps core after printing out packet 33 (MOUNT V3 MNT):
Program received signal SIGSEGV, Segmentation fault.
chunk_free (ar_ptr=0x40163d60, p=0x83a84a8) at malloc.c:3049
3049    malloc.c: No such file or directory.
(gdb) where
#0  chunk_free (ar_ptr=0x40163d60, p=0x83a84a8) at malloc.c:3049
#1  0x400cefba in __libc_free (mem=0x83a84b0) at malloc.c:3023
#2  0x4003235d in g_free () from /usr/lib/libglib-1.2.so.0
#3  0x81868c3 in string_fvalue_free (fv=0x8385970) at ftype-string.c:40
#4  0x81854c3 in fvalue_free (fv=0x8385970) at ftypes.c:231
#5  0x817deed in free_node_field_info (finfo=0x8384d78) at proto.c:322
#6  0x817df17 in proto_tree_free_node (node=0x8383b84, data=0x0) at proto.c:339
#7  0x40035612 in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#8  0x400355ec in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#9  0x400355ec in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#10 0x400355ec in g_node_traverse_in_order () from /usr/lib/libglib-1.2.so.0
#11 0x400359b6 in g_node_traverse () from /usr/lib/libglib-1.2.so.0
#12 0x817de6e in proto_tree_free (tree=0x8383a08) at proto.c:280
#13 0x817bc16 in epan_dissect_free (edt=0x8383468) at epan.c:113
#14 0x816e3ea in wtap_dispatch_cb_print (user=0xbffff598 " �/\b", phdr=0x835deb8, offset=4744, pseudo_header=0x835decc, 
    buf=0x8370e80 "\b") at tethereal.c:1649
#15 0x817733d in wtap_loop (wth=0x835dea0, count=0, callback=0x816e0c4 <wtap_dispatch_cb_print>, user=0xbffff598 " �/\b", 
    err=0xbffff5a0) at wtap.c:301
#16 0x816dd65 in load_cap_file (cf=0x82fcc20, out_file_type=2) at tethereal.c:1176
#17 0x816d361 in main (argc=4, argv=0xbffff734) at tethereal.c:738

I suspect a double free() or similar stuff, which destroyed the malloc-table.

Bye, Uwe

Attachment: nfs-fnsnoop.pcap.gz
Description: GNU Zip compressed data
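The "crash at a distance" pattern in both backtraces above (a fault inside chunk_alloc/chunk_free, reached from code that merely calls g_malloc or g_free) is easiest to see on a toy allocator whose bookkeeping lives inside freed chunks, as the glibc malloc of that era did. The following is an added example written for this archive page; it is not Ethereal code and does not reproduce the NFS snooping bug, which the message does not identify. The allocator, its function names and the 0x41414141 value are constructed for illustration.

```c
/* Toy free-list allocator, constructed for this example (not Ethereal code).
 * A freed chunk stores the link to the next free chunk in its own first bytes,
 * which become user data again once the chunk is handed back out. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE   64   /* one fixed chunk size keeps the toy small */
#define ARENA_CHUNKS 8

typedef union chunk {
    union chunk  *next_free;          /* valid only while the chunk is free */
    unsigned char user[CHUNK_SIZE];   /* overlaps next_free once allocated */
} chunk_t;

static chunk_t  arena[ARENA_CHUNKS];
static chunk_t *free_list;            /* head of the singly linked free list */
static size_t   bump;                 /* chunks carved from the arena so far */

static void toy_reset(void)
{
    memset(arena, 0, sizeof arena);
    free_list = NULL;
    bump = 0;
}

static void *toy_malloc(void)
{
    if (free_list != NULL) {          /* recycle a freed chunk first */
        chunk_t *c = free_list;
        free_list = c->next_free;     /* trusts the link stored in the chunk */
        return c;
    }
    return bump < ARENA_CHUNKS ? &arena[bump++] : NULL;
}

static void toy_free(void *p)
{
    chunk_t *c = (chunk_t *)p;
    c->next_free = free_list;         /* no check that p is not already free */
    free_list = c;
}

/* The kind of walk a debugging malloc does: fail if the free list leaves the
 * arena or revisits a chunk. Returns 1 when sane, 0 when corrupted. */
static int toy_check_free_list(void)
{
    uintptr_t lo = (uintptr_t)&arena[0], hi = (uintptr_t)&arena[ARENA_CHUNKS];
    chunk_t *seen[ARENA_CHUNKS];
    size_t n = 0;
    for (chunk_t *c = free_list; c != NULL; c = c->next_free) {
        if ((uintptr_t)c < lo || (uintptr_t)c >= hi)
            return 0;                 /* link points outside the heap */
        for (size_t i = 0; i < n; i++)
            if (seen[i] == c)
                return 0;             /* cycle: the same chunk is free twice */
        seen[n++] = c;
    }
    return 1;
}

/* Correct use: free list sane, later allocations are distinct. Returns 1. */
static int demo_correct_use(void)
{
    toy_reset();
    void *a = toy_malloc(), *b = toy_malloc();
    toy_free(a);
    toy_free(b);
    int sane = toy_check_free_list();
    void *x = toy_malloc(), *y = toy_malloc();
    return sane && x != y;
}

/* Double free: the list becomes a -> a, so the walker reports corruption and
 * two later allocations return the same chunk. Returns 1 when both happen. */
static int demo_double_free(void)
{
    toy_reset();
    void *a = toy_malloc();
    toy_free(a);
    toy_free(a);                      /* the bug */
    int corrupted = !toy_check_free_list();
    void *x = toy_malloc(), *y = toy_malloc();
    return corrupted && x == y;
}

/* Crash at a distance: after the double free, ordinary user data written into
 * the recycled chunk lands on the free-list link; the next allocation loads it
 * as a pointer. A real malloc faults inside chunk_alloc() at that point, far
 * from the code that freed twice. Returns the poisoned link value. */
static uintptr_t demo_poisoned_link(void)
{
    toy_reset();
    void *a = toy_malloc();
    toy_free(a);
    toy_free(a);
    void *x = toy_malloc();           /* returns a; free list still points at a */
    uintptr_t poison = 0x41414141u;   /* stands in for whatever the caller stores */
    memcpy(x, &poison, sizeof poison);/* overwrites a->next_free */
    (void)toy_malloc();               /* returns a again, free_list = 0x41414141 */
    return (uintptr_t)free_list;      /* toy_check_free_list() now returns 0 */
}

int main(void)
{
    printf("correct use sane:      %d\n", demo_correct_use());
    printf("double free detected:  %d\n", demo_double_free());
    printf("poisoned link:         0x%lx\n", (unsigned long)demo_poisoned_link());
    return 0;
}
```

The point for triage is that the faulting frame (here chunk_alloc/chunk_free under g_malloc/g_free in resolv.c and ftype-string.c) is almost never the culprit; the damage was done earlier by whoever freed or overran a chunk. A heap checker that walks the allocator's lists, as toy_check_free_list does, or running the dissector under a debugging malloc, moves the report to the first corrupting call.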