Ethereal-users: Re: [Ethereal-users] core dump when reading snoop of ldap protocol

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Matt Selsky <selsky@xxxxxxxxxxxx>
Date: Sun, 27 Jul 2003 20:55:26 -0400
I'm using a null DN to do the bind.  The problem appears to be with read_string_value():

static int read_string_value(ASN1_SCK *a, proto_tree *tree, int hf_id,
	proto_item **new_item, char **s, int start, guint length)

s = 0 and length = 0

Since length = 0,

    string = "(null)";


But at the end of the function:

  if (s && length)
    *s = string;
  else if (length)
    g_free(string);

s should be set to string, but it's not since s is null.


On Sun, Jul 27, 2003 at 07:21:33PM -0400, Matt Selsky wrote:
> I captured an ldap request using snoop on Solaris9 and then tried to
> read the snoop file in tethereal 0.9.14 and got a segmentation fault.  
> I was able to open the snoop file in 0.9.9 however.
> 
> The segfault occurs during the processing of the "bind request" packet.
> 
> Let me know if it would be helpful to post the problematic packet
> itself.
> 
> Here's a backtrace from the core file:
> 
> (gdb) bt
> #0  0xfef33474 in strlen () from /usr/lib/libc.so.1
> #1  0xfef85798 in _doprnt () from /usr/lib/libc.so.1
> #2  0xfef8777c in vsnprintf () from /usr/lib/libc.so.1
> #3  0x00252bac in col_append_fstr (cinfo=0x5d11e4, el=124, format=0x367000 ", DN=%s") at column-utils.c:271
> #4  0x0011cd8c in dissect_ldap_request_bind (a=0xffbfe618, tree=0x0, tvb=0x6de488, pinfo=0x6de2d8) at packet-ldap.c:903
> #5  0x0011e36c in dissect_ldap_message (tvb=0x6de488, offset=2, pinfo=0x6de2d8, ldap_tree=0x0, ldap_item=0x0, first_time=1) at packet-ldap.c:1602
> #6  0x0011eb88 in dissect_ldap (tvb=0x6de454, pinfo=0x6de2d8, tree=0x0) at packet-ldap.c:2028
> #7  0x00256228 in call_dissector_through_handle (handle=0x64a158, tvb=0x6de454, pinfo=0x6de2d8, tree=0x0) at packet.c:354
> #8  0x002565ec in call_dissector_work (handle=0x64a158, tvb=0x6de454, pinfo=0x6de2d8, tree=0x0) at packet.c:496
> #9  0x002568e8 in dissector_try_port (sub_dissectors=0x0, port=389, tvb=0x6de454, pinfo=0x6de2d8, tree=0x0) at packet.c:712
> #10 0x001f8f3c in decode_tcp_ports (tvb=0x6de454, offset=20, pinfo=0x6de2d8, tree=0x0, src_port=35203, dst_port=35203, nxtseq=4293804594) at packet-tcp.c:2044
> #11 0x001f9ea4 in dissect_tcp (tvb=0x6de420, pinfo=0x6de2d8, tree=0x0) at packet-tcp.c:2461
> #12 0x00256228 in call_dissector_through_handle (handle=0x6517a8, tvb=0x6de420, pinfo=0x6de2d8, tree=0x22) at packet.c:354
> #13 0x002565ec in call_dissector_work (handle=0x6517a8, tvb=0x6de420, pinfo=0x6de2d8, tree=0x0) at packet.c:496
> #14 0x002568e8 in dissector_try_port (sub_dissectors=0x0, port=6, tvb=0x6de420, pinfo=0x6de2d8, tree=0x0) at packet.c:712
> #15 0x000f8fc0 in dissect_ip (tvb=0x6de3ec, pinfo=0x6de2d8, tree=0x0) at packet-ip.c:1092
> #16 0x00256228 in call_dissector_through_handle (handle=0x5dce60, tvb=0x6de3ec, pinfo=0x6de2d8, tree=0x0) at packet.c:354
> #17 0x002565ec in call_dissector_work (handle=0x5dce60, tvb=0x6de3ec, pinfo=0x6de2d8, tree=0x0) at packet.c:496
> #18 0x002568e8 in dissector_try_port (sub_dissectors=0x0, port=2048, tvb=0x6de3ec, pinfo=0x6de2d8, tree=0x0) at packet.c:712
> #19 0x000b2980 in ethertype (etype=2048, tvb=0x6de3b8, offset_after_etype=14, pinfo=0x6de2d8, tree=0x0, fh_tree=0x0, etype_id=2655, trailer_id=2657) at packet-ethertype.c:167
> #20 0x000b24c8 in dissect_eth (tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet-eth.c:268
> #21 0x00256228 in call_dissector_through_handle (handle=0x5d3848, tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet.c:354
> #22 0x002565ec in call_dissector_work (handle=0x5d3848, tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet.c:496
> #23 0x002568e8 in dissector_try_port (sub_dissectors=0x0, port=1, tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet.c:712
> #24 0x000c85c4 in dissect_frame (tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet-frame.c:179
> #25 0x00256228 in call_dissector_through_handle (handle=0x5d38d8, tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet.c:354
> #26 0x002565ec in call_dissector_work (handle=0x5d38d8, tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet.c:496
> #27 0x002573a0 in call_dissector (handle=0x5d38d8, tvb=0x6de3b8, pinfo=0x6de2d8, tree=0x0) at packet.c:1255
> #28 0x0025611c in dissect_packet (edt=0x6de2d0, pseudo_header=0x6b7a64, pd=0x6c88f8 "\b", fd=0xffbff818, cinfo=0x5d11e4) at packet.c:310
> #29 0x00254758 in epan_dissect_run (edt=0x6de2d0, pseudo_header=0x6b7a64, data=0x6c88f8 "\b", fd=0xffbff818, cinfo=0x5d11e4) at epan.c:106
> #30 0x0023f850 in wtap_dispatch_cb_print (user=0x5c10c0 "", phdr=0x6b7a50, offset=7201488, pseudo_header=0x6b7a64, buf=0x6c88f8 "\b") at tethereal.c:2217
> #31 0x0024d890 in wtap_loop (wth=0x6b7a38, count=0, callback=0x23f774 <wtap_dispatch_cb_print>, user=0xffbff948 "", err=0xffbff944) at wtap.c:345
> #32 0x0023f260 in load_cap_file (cf=0x5c10c0, out_file_type=2) at tethereal.c:1939
> #33 0x0023e214 in main (argc=65852, argv=0x1012c) at tethereal.c:1232
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
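The crash path described above (a zero-length DN never being written through the out-parameter, so the caller hands whatever its local pointer holds to a "%s" format, which Solaris libc dereferences with strlen()) can be modelled outside Ethereal. The following is an added illustration, not code from the Ethereal source or from the poster: model_read_string_value() reproduces only the out-parameter contract quoted in the mail (result returned only when both s and length are non-zero, static "(null)" literal for length 0), and format_bind_summary() is a hypothetical caller that initialises its pointer and guards the "%s" argument so that a null DN produces a summary line instead of a segfault.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of the read_string_value() contract quoted in the mail:
 * the decoded string is handed back only through `s`, and only when `s` is
 * non-NULL and `length` is non-zero.  For a zero-length (null) DN the caller's
 * variable is therefore never written.  This is an illustration, not
 * Ethereal's code; the ASN.1/proto_tree parameters are omitted.
 */
static int
model_read_string_value(const unsigned char *buf, char **s, unsigned length)
{
    char *string;

    if (length == 0) {
        string = "(null)";          /* static literal; must never be freed */
    } else {
        string = malloc(length + 1);
        if (string == NULL)
            return -1;
        memcpy(string, buf, length);
        string[length] = '\0';
    }

    if (s && length)
        *s = string;                /* caller now owns the heap copy */
    else if (length)
        free(string);               /* nobody wants it: release it */
    return 0;
}

/*
 * Hypothetical caller mirroring the ", DN=%s" column text from the backtrace.
 * The pointer is initialised explicitly (it stays NULL when dn_len == 0) and
 * "%s" is never given a NULL argument.  glibc prints "(null)" for a NULL
 * "%s" argument; Solaris libc calls strlen() on it, which is frame #0 of the
 * core dump above.
 */
static int
format_bind_summary(char *out, size_t outlen,
                    const unsigned char *dn_bytes, unsigned dn_len)
{
    char *dn = NULL;                /* untouched by the model when dn_len == 0 */
    int n;

    if (model_read_string_value(dn_bytes, &dn, dn_len) != 0)
        return -1;

    n = snprintf(out, outlen, "Bind Request, DN=%s", dn ? dn : "(null)");

    if (dn_len)                     /* only the heap copy is ours to free */
        free(dn);
    return n;
}

int
main(void)
{
    char line[128];

    /* constructed inputs: a null (zero-length) DN and a normal one */
    format_bind_summary(line, sizeof line, NULL, 0);
    puts(line);
    format_bind_summary(line, sizeof line, (const unsigned char *)"cn=admin", 8);
    puts(line);
    return 0;
}
```

The guard `dn ? dn : "(null)"` is what makes the difference between platforms disappear: with it, the zero-length bind produces "Bind Request, DN=(null)" everywhere; without it, the behaviour depends on whether the C library tolerates a NULL "%s" argument, which is exactly the 0.9.9 versus 0.9.14 on Solaris discrepancy the poster ran into.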