Public bug reported:

Our team found a heap buffer overflow bug in tcptrace while fuzzing it with a malformed packet.

The problem package is https://launchpad.net/ubuntu/+source/tcptrace

Some other information about it:

xxx@ubuntu:~/work$ which tcptrace
/usr/bin/tcptrace

1) The release of Ubuntu you are using, via 'lsb_release -rd' or System -> About Ubuntu

Description:    Ubuntu 14.04.5 LTS
Release:        14.04

2) The version of the package you are using, via 'apt-cache policy pkgname' or by checking in Software Center

tcptrace:
  Installed: 6.6.7-5
  Candidate: 6.6.7-5
  Version table:
 *** 6.6.7-5 0
        100 /var/lib/dpkg/status
     6.6.7-4.1 0
        500 http://mirrors.aliyun.com/ubuntu/ trusty/universe amd64 Packages

3) What you expected to happen

tcptrace should not crash.

4) What happened instead

tcptrace crashed with "Segmentation fault". The call stack with the crash input is:

#0  0x0000000000417d96 in MemCpy (vp1=0x88b270, vp2=0x7ff47814701e, n=0xfffffffffffcf261) at tcptrace.c:2620
#1  0x0000000000411b8f in callback (user=0x0, phdr=0x7ffea3d60410, buf=0x7ff478147010 "") at tcpdump.c:116
#2  0x00007ff47b52ab71 in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#3  0x00000000004122aa in pread_tcpdump (ptime=0x674670 <current_time>, plen=0x7ffea3d604f4, ptlen=0x7ffea3d604f8, pphys=0x7ffea3d60520, pphystype=0x7ffea3d604f0, ppip=0x7ffea3d60510, pplast=0x7ffea3d60528) at tcpdump.c:247
#4  0x0000000000413b74 in ProcessFile (filename=0x7ffea3d6211f "tcptrace-input.dmp") at tcptrace.c:966
#5  0x00000000004134b2 in main (argc=0x1, argv=0x7ffea3d607b8) at tcptrace.c:785
#6  0x00007ff47b169ec5 in __libc_start_main (main=0x4132ba <main>, argc=0x2, argv=0x7ffea3d607b8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffea3d607a8) at libc-start.c:287
#7  0x0000000000402469 in _start ()

credit: ADLab of Venustech

** Affects: tcptrace (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "Crash input packet file"
   https://bugs.launchpad.net/bugs/1755648/+attachment/5078819/+files/tcptrace-input.dmp

Bug: https://bugs.launchpad.net/bugs/1755648
Title: tcptrace crashed with malformed packet
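The frame #0 argument n=0xfffffffffffcf261 is a size_t that has wrapped below zero before reaching MemCpy(). The following is an added illustration, not code from the bug report or from tcptrace: it assumes the common pcap-callback pattern of deriving a copy length as "captured length minus a header offset read from the packet", and shows the validation that keeps a wrapped length and an oversized copy away from memcpy().

```c
#include <stddef.h>
#include <string.h>

/* Constructed example (not tcptrace's code). It assumes the copy length is
 * computed as caplen - offset, where offset comes from untrusted packet data. */

/* Unchecked: when offset > caplen the size_t subtraction wraps to a huge
 * value, which is how a length such as 0xfffffffffffcf261 arises. */
size_t unchecked_copy_len(size_t caplen, size_t offset)
{
    return caplen - offset;
}

/* Checked: reject the packet if the subtraction would wrap or if the
 * result would not fit in the destination buffer.
 * Returns 0 and stores the length in *len, or -1 if the packet is rejected. */
int checked_copy_len(size_t caplen, size_t offset, size_t dstsize, size_t *len)
{
    if (offset > caplen)            /* subtraction would wrap below zero */
        return -1;
    if (caplen - offset > dstsize)  /* copy would overrun the heap buffer */
        return -1;
    *len = caplen - offset;
    return 0;
}

/* Copy packet bytes into a caller-owned buffer only after validation.
 * Returns the number of bytes copied, or -1 if the packet was rejected. */
long copy_payload(unsigned char *dst, size_t dstsize,
                  const unsigned char *pkt, size_t caplen, size_t offset)
{
    size_t len;
    if (checked_copy_len(caplen, offset, dstsize, &len) != 0)
        return -1;
    memcpy(dst, pkt + offset, len);
    return (long)len;
}
```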