Use of uninitialized bytes during TCP reassembly (patch proposal)

Bug #245531 reported by Gerard Wagener
Affects: tcpflow (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: (not set)

Bug Description

Binary package hint: tcpflow

In case TCP packets are truncated, tcpflow puts uninitialized data in the stream.

System: Ubuntu 7.10, tcpflow version: 0.21-11

How to reproduce the bug

First, a file with incomplete packets should be generated. This can easily be done with tcpdump by downloading a file bigger than 100 bytes while capturing with a snaplen of 100 bytes: tcpdump -s100 -i lo -w test.cap. Next, tcpflow should be run on this file.

Based on the source code taken from http://git.debian.org/?p=users/rfrancoise/tcpflow.git, and after having applied the patch 10_extra-opts.diff, I propose the following patch to fix the problem:

diff --git a/src/tcpip.c b/src/tcpip.c
index f9e67f6..b02003b 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -93,6 +93,7 @@ void process_ip(const u_char *data, u_int32_t caplen)
   if (caplen < ip_total_len) {
     DEBUG(6) ("warning: captured only %ld bytes of %ld-byte IP datagram",
         (long) caplen, (long) ip_total_len);
+ ip_total_len = caplen;
   }

   /* XXX - throw away everything but fragment 0; this version doesn't
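Review bot: clamping ip_total_len to caplen guards only the total length; if caplen is smaller than the IP header itself (or than the TCP header handled afterwards), a later header-length subtraction on ip_total_len can still underflow, so a check that caplen covers the headers, skipping the packet when it does not, belongs with this fix. Two smaller points: the truncation is still reported only at DEBUG(6) although the datagram is now silently shortened, so a lower debug level or a truncated-packet counter would also address the reporter's request for non-debug notification; and the added line is indented with one space where the surrounding block uses four.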

Furthermore, it would be nice if the user were notified, even in non-debug mode, about incomplete streams.
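The length check behind this bug, as an added illustration that is not tcpflow's code: given the captured bytes of one IPv4 datagram and the capture length, it returns how many payload bytes may safely be passed to reassembly, clamping to caplen as the patch does and additionally rejecting captures too short to hold the header. The sample capture is constructed (a 200-byte datagram cut to the 100-byte snaplen from the reproduction steps).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return the number of payload bytes actually present in the capture, or -1
 * when the IPv4 header is not fully captured or is malformed (skip packet). */
long safe_ip_payload_len(const uint8_t *data, uint32_t caplen)
{
    if (caplen < 20)                       /* minimum IPv4 header not captured */
        return -1;
    uint32_t ihl = (data[0] & 0x0f) * 4;   /* header length in bytes */
    uint32_t tot = ((uint32_t)data[2] << 8) | data[3]; /* on-wire total length */
    if (ihl < 20 || tot < ihl)             /* malformed header fields */
        return -1;
    if (ihl > caplen)                      /* options not fully captured */
        return -1;
    /* The bug: using tot - ihl reads beyond the captured bytes, which is where
     * the stale data in the report comes from. The patch's fix: clamp to caplen. */
    if (tot > caplen)
        tot = caplen;
    return (long)(tot - ihl);
}

/* What the unpatched arithmetic yields, for comparison (no caplen check). */
long naive_ip_payload_len(const uint8_t *data)
{
    uint32_t ihl = (data[0] & 0x0f) * 4;
    uint32_t tot = ((uint32_t)data[2] << 8) | data[3];
    return (long)(tot - ihl);
}

/* Constructed sample: a 200-byte IPv4/TCP datagram of which only the first
 * 100 bytes were kept (tcpdump -s100). Payload bytes beyond the snaplen do
 * not exist in the buffer at all. */
#define WIRE_LEN 200
#define SNAPLEN 100
static uint8_t truncated_capture[SNAPLEN];

const uint8_t *build_sample(void)
{
    memset(truncated_capture, 0, sizeof truncated_capture);
    truncated_capture[0] = 0x45;            /* IPv4, IHL = 5 (20-byte header) */
    truncated_capture[2] = WIRE_LEN >> 8;   /* total length = 200 */
    truncated_capture[3] = WIRE_LEN & 0xff;
    truncated_capture[9] = 6;               /* protocol = TCP */
    return truncated_capture;
}
```

For the sample, the naive computation asks for 180 payload bytes while only 80 were captured; the checked version returns 80, and returns -1 for a capture shorter than the header.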

Thomas Hotz (thotz-deactivatedaccount) wrote:

Marking as confirmed; the patch is included and ready for testing. Thank you for your bug report.

Changed in tcpflow (Ubuntu):
status: New → Confirmed