Wireshark-bugs: [Wireshark-bugs] [Bug 7538] New: Lua Dumper crashes when pcapng is specified for

Date: Fri, 27 Jul 2012 11:28:50 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7538

           Summary: Lua Dumper crashes when pcapng is specified for the
                    capture format
           Product: Wireshark
           Version: SVN
          Platform: x86
        OS/Version: Ubuntu
            Status: NEW
          Severity: Major
          Priority: Low
         Component: TShark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: joe@xxxxxxxxxx


Build Information:
TShark 1.9.0 (SVN Rev 44073 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.26.0, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.7.3, with Lua
5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with MIT Kerberos,
with GeoIP.

Running on Linux 2.6.35-22-generic, with locale en_US.UTF-8, with libpcap
version 1.1.1, with libz 1.2.3.4.

Built using gcc 4.4.5.

--
I am using a Lua plugin that is creating a Dumper instance. I have specified
the output format to use pcap-ng (2).

Looks like this:

dump = Dumper.new_for_current(capfile,2)

Now, when I am dealing with pcapng files that contain comments, I am
experiencing a SEGV.

./tshark -r ~/captures/comment.pcapng frame.number == 1


(gdb) backtrace
#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
#1  0x00007ffff7b639ab in pcapng_write_enhanced_packet_block (wdh=0x17c2470, phdr=<value optimized out>,
    pseudo_header=<value optimized out>, pd=<value optimized out>, err=<value optimized out>) at pcapng.c:3124
#2  pcapng_dump (wdh=0x17c2470, phdr=<value optimized out>, pseudo_header=<value optimized out>,
    pd=<value optimized out>, err=<value optimized out>) at pcapng.c:3402
#3  0x00007ffff5b5943f in Dumper_dump_current (L=0x1639400) at ./wslua_dumper.c:381
#4  0x00007ffff2642bc1 in ?? () from /usr/lib/liblua5.1.so.0
#5  0x00007ffff264d959 in ?? () from /usr/lib/liblua5.1.so.0
#6  0x00007ffff264308d in ?? () from /usr/lib/liblua5.1.so.0
#7  0x00007ffff2642737 in ?? () from /usr/lib/liblua5.1.so.0
#8  0x00007ffff26427b2 in ?? () from /usr/lib/liblua5.1.so.0
#9  0x00007ffff263e1a1 in lua_pcall () from /usr/lib/liblua5.1.so.0
#10 0x00007ffff5b54384 in lua_tap_packet (tapdata=0x16636f0, pinfo=<value optimized out>, edt=0x7fffffffdbc0,
    data=<value optimized out>) at ./wslua_listener.c:113
#11 0x00007ffff5116bab in tap_push_tapped_queue (edt=0x7fffffffdbc0) at tap.c:266
#12 0x0000000000416fb8 in process_packet (cf=0x643940, offset=<value optimized out>,
    whdr=<value optimized out>, pseudo_header=0x1677698, pd=0x16bec00 "", filtering_tap_listeners=0,
    tap_flags=<value optimized out>) at tshark.c:3073
#13 0x000000000041a69a in load_cap_file (argc=<value optimized out>, argv=<value optimized out>)
    at tshark.c:2863
#14 main (argc=<value optimized out>, argv=<value optimized out>) at tshark.c:1753

The root of the problem is the pkthdr->opt_comment which doesn't get
initialized when wslua_dumper.c builds a new wtap_pkthdr. I've fixed the crash
with the patch below, but this does introduce another question. Does the Dumper
have access to any existing comment?


joe@cooley:~/lab2/wireshark/epan/wslua$ svn diff
Index: wslua_dumper.c
===================================================================
--- wslua_dumper.c    (revision 44073)
+++ wslua_dumper.c    (working copy)
@@ -291,6 +291,7 @@

     if (! ba) WSLUA_ARG_ERROR(Dumper_dump,BYTEARRAY,"must be a ByteArray");

+    memset(&pkthdr, 0, sizeof(pkthdr));
     pkthdr.ts.secs = (unsigned)floor(ts);
     pkthdr.ts.nsecs = (unsigned)floor((ts - (double)pkthdr.ts.secs) *
1000000000);

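Review bot: The memset(&pkthdr, 0, sizeof(pkthdr)) added ahead of the pkthdr.ts.secs assignment has no comment, so nothing in the code records that the pcapng writer needs opt_comment to be NULL when there is no comment. Add a one-line comment saying so, or set pkthdr.opt_comment = NULL explicitly next to the memset, so that a later cleanup does not remove the zeroing as redundant.
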
@@ -370,6 +371,7 @@

     tvb = data_src->tvb;

+    memset(&pkthdr, 0, sizeof(pkthdr));
     pkthdr.ts.secs = lua_pinfo->fd->abs_ts.secs;
     pkthdr.ts.nsecs = lua_pinfo->fd->abs_ts.nsecs;
     pkthdr.len  = tvb_reported_length(tvb);
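Review bot: After the memset above the pkthdr.ts.secs assignment, opt_comment is always NULL on this path, and none of the visible assignments take a comment from lua_pinfo->fd, so a frame read from a commented pcapng file is written out without its comment. Either copy the comment across here if it is reachable from lua_pinfo, or add a code comment stating that this dump path drops packet comments.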
joe@cooley:~/lab2/wireshark/epan/wslua$
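
The failure mode described in the report, reduced to a stand-alone C model (an added example, not code from the bug report or from Wireshark): a header filled in field by field over stale memory keeps a non-NULL comment pointer, while zeroing first makes the writer skip the option. `struct pkt_hdr`, `epb_total_len`, `stale_comment_pointer` and `make_hdr` are hypothetical names, and the 0xAA fill is a constructed stand-in for leftover stack bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified packet header; not Wireshark's wtap_pkthdr. */
struct pkt_hdr {
    uint32_t secs, nsecs, caplen, len;
    const char *opt_comment;            /* NULL means "no comment" */
};
#define PAD4(n) (((n) + 3u) & ~3u)      /* pcapng pads data and options to 32 bits */

/* Length of a pcapng Enhanced Packet Block for this header. A non-NULL
 * opt_comment is trusted to be a C string and handed straight to strlen(). */
static uint32_t epb_total_len(const struct pkt_hdr *h)
{
    uint32_t total = 32 + PAD4(h->caplen);      /* fixed fields + padded data */
    if (h->opt_comment != NULL) {
        total += 4 + PAD4((uint32_t)strlen(h->opt_comment)); /* opt_comment */
        total += 4;                             /* opt_endofopt */
    }
    return total;
}

/* Field-by-field setup over stale memory, as in the unpatched pattern. */
static int stale_comment_pointer(void)
{
    struct pkt_hdr h;
    memset(&h, 0xAA, sizeof h);   /* constructed stand-in for old stack bytes */
    h.secs = 1; h.nsecs = 0; h.caplen = h.len = 60;
    return h.opt_comment != NULL; /* 1: a writer would dereference garbage */
}

/* Zero first, then fill: every optional field starts out absent. */
static struct pkt_hdr make_hdr(uint32_t secs, uint32_t nsecs, uint32_t caplen,
                               const char *comment)
{
    struct pkt_hdr h;
    memset(&h, 0, sizeof h);
    h.secs = secs; h.nsecs = nsecs; h.caplen = h.len = caplen;
    h.opt_comment = comment;
    return h;
}

int main(void)
{
    struct pkt_hdr plain = make_hdr(1, 0, 60, NULL);
    struct pkt_hdr noted = make_hdr(1, 0, 60, "hello");
    printf("stale=%d plain=%u noted=%u\n", stale_comment_pointer(),
           (unsigned)epb_total_len(&plain), (unsigned)epb_total_len(&noted));
    return 0;
}
```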
