[Ntop-dev] Bug in address.c - long DNS responses???

Burton M. Strauss III Fri, 25 Jan 2002 01:32:13 -0800

Running NTop under gdb - other reasons, don't ask, I found this bug:

I'm guessing it's because the buffer is too small for a maximum-sized UDP
response, but I don't really understand this and thought I would report it,
vs. digging in myself...


-----Burton

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 10251 (LWP 552)]
0x4024edc6 in _ns_name_unpack (msg=0xbe5f5e14 "+I\200", eom=0xbe60f414 "",
src=0xbe600172 "",
    dst=0xbe5f5614 "\002za\nakamaitech\003net", dstsiz=255) at address.c:854
854       while ((n = *srcp++) != 0) {
(gdb) info stack
#0  0x4024edc6 in _ns_name_unpack (msg=0xbe5f5e14 "+I\200", eom=0xbe60f414
"", src=0xbe600172 "",
    dst=0xbe5f5614 "\002za\nakamaitech\003net", dstsiz=255) at address.c:854
#1  0x4024eed3 in _ns_name_uncompress (msg=0xbe5f5e14 "+I\200",
eom=0xbe60f414 "", src=0xbe600172 "",
    dst=0xbe5f5907 "za.akamaitech.net", dstsiz=1010) at address.c:913
#2  0x4024ed50 in dn_expand_ (msg=0xbe5f5e14 "+I\200", eom=0xbe60f414 "",
src=0xbe600172 "",
    dst=0xbe5f5907 "za.akamaitech.net", dstsiz=1010) at address.c:828
#3  0x4024fbdb in handleDNSpacket (ipPtr=0x805f90a "+I\200",
hostPtr=0xbe5f60e4, length=203, isRequest=0xbe5ff630,
    positiveReply=0xbe5ff632) at address.c:1289
#4  0x402654f9 in processDNSPacket (packetData=0x805f90a "+I\200",
length=203, isRequest=0xbe5ff630,
    positiveReply=0xbe5ff632) at protocols.c:571
#5  0x402608bc in processIpPkt (bp=0x805f8ee "E", h=0xbe5ff9b0, length=245,
ether_src=0xbe5ff95a "",
    ether_dst=0xbe5ff954 "", actualDeviceId=0) at pbuf.c:3123
#6  0x402638b2 in processPacket (_deviceId=0x1 <Address 0x1 out of bounds>,
h=0xbe5ff9b0, p=0x805f8e0 "") at pbuf.c:4463
#7  0x40272207 in pcap_read_packet () from /usr/local/lib/libntop-2.so.0
#8  0x4027204e in pcap_read () from /usr/local/lib/libntop-2.so.0
#9  0x40272fd2 in pcap_dispatch () from /usr/local/lib/libntop-2.so.0
#10 0x40258819 in pcapDispatch (_i=0x1) at ntop.c:127
#11 0x404a7d48 in pthread_start_thread (arg=0xbe5ffc00) at manager.c:274
#12 0x404a7d95 in pthread_start_thread_event (arg=0xbe5ffc00) at
manager.c:297
(gdb) list
849       if (srcp < msg || srcp >= eom) {
850         errno = EMSGSIZE;
851         return (-1);
852       }
853       /* Fetch next label in domain name. */
854       while ((n = *srcp++) != 0) {
855         /* Check for indirection. */
856         switch (n & NS_CMPRSFLGS) {
857         case 0:
858           /* Limit checks. */
(gdb) print srcp
$1 = (u_char *) 0xbe600173 ""
(gdb) print msg
$2 = (u_char *) 0xbe5f5e14 "+I\200"
(gdb) print dst
$3 = (u_char *) 0xbe5f5614 "\002za\nakamaitech\003net"
(gdb) print src
$4 = (u_char *) 0xbe600172 ""
(gdb) print dstlim
$5 = (u_char *) 0xbe5f5713 "�TW_�P�$@\024^_�\024�`�r\001`�\aY_��\003"
(gdb) print dstsiz
$6 = 255
(gdb) print n
$7 = -1101046252
(gdb) print/x n
$8 = 0xbe5f5e14
(gdb) cont
Continuing.

And it seems to run fine from here...


_______________________________________________
Ntop-dev mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop-dev

[Ntop-dev] Bug in address.c - long DNS responses???

Reply via email to