https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7538
Summary: Lua Dumper crashes when pcapng is specified for the
capture format
Product: Wireshark
Version: SVN
Platform: x86
OS/Version: Ubuntu
Status: NEW
Severity: Major
Priority: Low
Component: TShark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: joe@xxxxxxxxxx
Build Information:
TShark 1.9.0 (SVN Rev 44073 from /trunk)
Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.26.0, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.7.3, with
Lua
5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.5, with MIT Kerberos,
with GeoIP.
Running on Linux 2.6.35-22-generic, with locale en_US.UTF-8, with libpcap
version 1.1.1, with libz 1.2.3.4.
Built using gcc 4.4.5.
--
I am using a Lua plugin that is creating a Dumper instance. I have specified
the output format to use pcap-ng (2).
Looks like this:
dump = Dumper.new_for_current(capfile,2)
Now, when I am dealing with pcapng files that contain comments, I am
experiencing a SEGV.
./tshark -r ~/captures/comment.pcapng frame.number == 1
(gdb) backtrace
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
#1 0x00007ffff7b639ab in pcapng_write_enhanced_packet_block (wdh=0x17c2470,
phdr=<value optimized out>,
pseudo_header=<value optimized out>, pd=<value optimized out>, err=<value
optimized out>) at pcapng.c:3124
#2 pcapng_dump (wdh=0x17c2470, phdr=<value optimized out>,
pseudo_header=<value optimized out>,
pd=<value optimized out>, err=<value optimized out>) at pcapng.c:3402
#3 0x00007ffff5b5943f in Dumper_dump_current (L=0x1639400) at
./wslua_dumper.c:381
#4 0x00007ffff2642bc1 in ?? () from /usr/lib/liblua5.1.so.0
#5 0x00007ffff264d959 in ?? () from /usr/lib/liblua5.1.so.0
#6 0x00007ffff264308d in ?? () from /usr/lib/liblua5.1.so.0
#7 0x00007ffff2642737 in ?? () from /usr/lib/liblua5.1.so.0
#8 0x00007ffff26427b2 in ?? () from /usr/lib/liblua5.1.so.0
#9 0x00007ffff263e1a1 in lua_pcall () from /usr/lib/liblua5.1.so.0
#10 0x00007ffff5b54384 in lua_tap_packet (tapdata=0x16636f0, pinfo=<value
optimized out>, edt=0x7fffffffdbc0,
data=<value optimized out>) at ./wslua_listener.c:113
#11 0x00007ffff5116bab in tap_push_tapped_queue (edt=0x7fffffffdbc0) at
tap.c:266
#12 0x0000000000416fb8 in process_packet (cf=0x643940, offset=<value optimized
out>,
whdr=<value optimized out>, pseudo_header=0x1677698, pd=0x16bec00 "",
filtering_tap_listeners=0,
tap_flags=<value optimized out>) at tshark.c:3073
#13 0x000000000041a69a in load_cap_file (argc=<value optimized out>,
argv=<value optimized out>)
at tshark.c:2863
#14 main (argc=<value optimized out>, argv=<value optimized out>) at
tshark.c:1753
The root of the problem is the pkthdr->opt_comment which doesn't get
initialized when wslua_dumper.c builds a new wtap_pkthdr. I've fixed the crash
with the patch below, but this does introduce another question. Does the Dumper
have access to any existing comment.
joe@cooley:~/lab2/wireshark/epan/wslua$ svn diff
Index: wslua_dumper.c
===================================================================
--- wslua_dumper.c (revision 44073)
+++ wslua_dumper.c (working copy)
@@ -291,6 +291,7 @@
if (! ba) WSLUA_ARG_ERROR(Dumper_dump,BYTEARRAY,"must be a ByteArray");
+ memset(&pkthdr, 0, sizeof(pkthdr));
pkthdr.ts.secs = (unsigned)floor(ts);
pkthdr.ts.nsecs = (unsigned)floor((ts - (double)pkthdr.ts.secs) *
1000000000);
@@ -370,6 +371,7 @@
tvb = data_src->tvb;
+ memset(&pkthdr, 0, sizeof(pkthdr));
pkthdr.ts.secs = lua_pinfo->fd->abs_ts.secs;
pkthdr.ts.nsecs = lua_pinfo->fd->abs_ts.nsecs;
pkthdr.len = tvb_reported_length(tvb);
joe@cooley:~/lab2/wireshark/epan/wslua$
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.