------- Forwarded Message
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: from openbsd.cs.colorado.edu (openbsd.cs.colorado.edu [128.138.192.83])
by coconut.itojun.org (Postfix) with ESMTP id C4CE74B21
for <[EMAIL PROTECTED]>; Wed, 18 Jul 2001 01:58:35 +0900 (JST)
Received: from localhost (domo@localhost)
by openbsd.cs.colorado.edu (8.11.4/8.11.4) with SMTP id f6HGw1d03103;
Tue, 17 Jul 2001 10:58:01 -0600 (MDT)
Received: by openbsd.org (TLB v0.11a (1.26 tibbs 1998/09/22 04:41:41)); Tue, 17 Jul
2001 10:50:36 -0600 (MDT)
Received: (from domo@localhost)
by openbsd.cs.colorado.edu (8.11.4/8.11.4) id f6HGoYO22781
for bugs-list; Tue, 17 Jul 2001 10:50:34 -0600 (MDT)
Received: from cvs.openbsd.org (IDENT:[EMAIL PROTECTED] [199.185.137.3])
by openbsd.cs.colorado.edu (8.11.4/8.11.4) with ESMTP id f6HGoMl07591
for <[EMAIL PROTECTED]>; Tue, 17 Jul 2001 10:50:22 -0600 (MDT)
Received: (from gnats@localhost)
by cvs.openbsd.org (8.11.4/8.10.1) id f6HGo3r31123;
Tue, 17 Jul 2001 10:50:03 -0600 (MDT)
Resent-Date: Tue, 17 Jul 2001 10:50:03 -0600 (MDT)
Resent-Message-Id: <[EMAIL PROTECTED]>
Resent-From: [EMAIL PROTECTED] (GNATS Management)
Resent-To: [EMAIL PROTECTED]
Resent-Reply-To: [EMAIL PROTECTED],
Received: "from openbsd.cs.colorado.edu (openbsd.cs.colorado.edu
[128.138.192.83]) by cvs.openbsd.org (8.11.4/8.10.1) with ESMTP id f6HGfnU24002 for"
<[EMAIL PROTECTED]>;,
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
10:42:[EMAIL PROTECTED] (MDT)
Received: from suxrox.blasted-heath.com (a98217.ntown.com [208.245.98.217])
by openbsd.cs.colorado.edu (8.11.4/8.11.4) with ESMTP id f6HGg0l06622
for <[EMAIL PROTECTED]>; Tue, 17 Jul 2001 10:42:05 -0600 (MDT)
Received: (from jepeway@localhost)
by suxrox.blasted-heath.com (8.11.4/8.11.4) id f6HGfSk29075;
Tue, 17 Jul 2001 12:41:28 -0400 (EDT)
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 17 Jul 2001 12:41:23 -0400
From: Chris Jepeway <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: user/1945: Alpha tcpdump dumps core decoding AppleTalk DDP packets
Sender: [EMAIL PROTECTED]
Precedence: bulk
X-Loop: [EMAIL PROTECTED]
X-Filter: mailagent [version 3.0 PL73] for [EMAIL PROTECTED]
>Number: 1945
>Category: user
>Synopsis: tcpdump dumps core decoding (some) AppleTalk packets on machines
>where alignment matters
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bugs
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Jul 17 10:50:02 MDT 2001
>Last-Modified:
>Originator: Chris Jepeway
>Organization:
net
>Release: 1.16 of 2000/10/31
>Environment:
System : OpenBSD 2.9
Architecture: OpenBSD.alpha
Machine : alpha
>Description:
Routines that decode DDP payloads in print-atalk.c are passed
pointers to unaligned buffers. These pointers are dereferenced
as structures, which just doesn't fly on (at least) Alphas.
SPARCs may crash like this, too, I dunno.
>How-To-Repeat:
Sniff some AppleTalk packets on an Alpha. I think any DDP packets
will trigger a core dump in tcpdump. I see the problem when tracing
packets between a Mac and a printer, for example.
>Fix:
One fix is to clone more LBL_ALIGN code. A tested patch is enclosed.
This patch only applies to atalk_print(), which decodes EtherTalk.
Likely, it should be applied to atalk_print_llap(), which decodes
LocalTalk and "UDP-tunnelled AppleTalk," too. However, I don't have
the setup to test atalk_print_llap(), and I wasn't going to submit
a "tested by inspection" patch.
Index: print-atalk.c
===================================================================
RCS file: /cvs/src/usr.sbin/tcpdump/print-atalk.c,v
retrieving revision 1.16
diff -u -r1.16 print-atalk.c
- --- print-atalk.c 2000/10/31 16:06:48 1.16
+++ print-atalk.c 2001/07/17 15:05:31
@@ -118,6 +118,21 @@
ddpskt_string(dp->dstSkt));
bp += ddpSize;
length -= ddpSize;
+#ifdef LBL_ALIGN
+ if ((long)bp & 3) {
+ static u_char *abuf = NULL;
+
+ if (abuf == NULL) {
+ abuf = (u_char *)malloc(snaplen);
+ if (abuf == NULL)
+ error("atalk_print: malloc");
+ }
+ memcpy((char *)abuf, (char *)bp, min(length, snaplen));
+ snapend += abuf - (u_char *)bp;
+ packetp = abuf;
+ bp = abuf;
+ }
+#endif
ddp_print(bp, length, dp->type, snet, dp->srcNode, dp->srcSkt);
}
>Audit-Trail:
>Unformatted:
------- End of Forwarded Message
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
