Use of uninitialized bytes during TCP reassembly (patch proposal)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
tcpflow (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Binary package hint: tcpflow
In case TCP packets are truncated, tcpflow puts uninitialized data in the stream.
System: Ubuntu 7.10, tcpflow version: 0.21-11
How to reproduce the bug
At first, a file with incomplete packets should be generated. This can easily be done with tcpdump by downloading a file bigger than 100 bytes while specifying a snaplen of 100 bytes: tcpdump -s100 -i lo -w test.cap. Next, tcpflow should use this file.
Based on the source code taken from http://
diff --git a/src/tcpip.c b/src/tcpip.c
index f9e67f6..b02003b 100644
--- a/src/tcpip.c
+++ b/src/tcpip.c
@@ -93,6 +93,7 @@ void process_ip(const u_char *data, u_int32_t caplen)
if (caplen < ip_total_len) {
DEBUG(6) ("warning: captured only %ld bytes of %ld-byte IP datagram",
(long) caplen, (long) ip_total_len);
+ ip_total_len = caplen;
}
/* XXX - throw away everything but fragment 0; this version doesn't
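Review bot: the clamp `ip_total_len = caplen;` stops the later length arithmetic from reaching past the captured bytes, but the truncation is still reported only at DEBUG level 6, so a user running without debugging gets a stream that is silently shorter than the wire data; consider logging the truncation at a level visible in normal operation (or counting it and reporting once at exit), which is what the report itself asks for. It is also worth confirming that the TCP payload length derived further down cannot underflow when caplen is smaller than the IP header plus TCP header (with options), since this clamp alone does not rule that out.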
Furthermore, it would be nice if the user were notified, even in non-debug mode, about incomplete streams.
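To show what the clamp in the proposed patch changes, here is an added example (not tcpflow's code; the packet bytes and the function names are constructed for illustration) that derives the TCP payload bounds from a 100-byte capture of a datagram whose IP header claims 200 bytes, exposing the 100 bytes the unpatched length arithmetic would have read beyond the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a reassembler may safely use from one captured IPv4/TCP datagram. */
struct payload_view {
    const uint8_t *data;    /* start of the TCP payload inside the capture */
    uint32_t len;           /* payload bytes that are really in the buffer */
    uint32_t declared_len;  /* payload bytes the IP total-length field claims */
    int truncated;          /* 1 if the snaplen cut the datagram short */
};

/* Derive the TCP payload bounds using only the caplen bytes captured,
 * applying the clamp from the proposed patch (ip_total_len = caplen).
 * Returns 0 on success, -1 if the headers themselves are incomplete. */
int tcp_payload_in_capture(const uint8_t *pkt, uint32_t caplen,
                           struct payload_view *out)
{
    if (caplen < 20) return -1;                            /* no full IP header */
    uint32_t ihl = (uint32_t)(pkt[0] & 0x0f) * 4;
    uint32_t declared = ((uint32_t)pkt[2] << 8) | pkt[3];  /* IP total length */
    if (ihl < 20 || caplen < ihl + 20) return -1;          /* no full TCP header */
    uint32_t doff = (uint32_t)((pkt[ihl + 12] >> 4) & 0x0f) * 4;
    uint32_t hdrs = ihl + doff;
    if (doff < 20 || declared < hdrs) return -1;           /* malformed lengths */
    uint32_t usable = declared > caplen ? caplen : declared; /* the patch's clamp */
    if (usable < hdrs) return -1;                          /* TCP options cut off */
    out->declared_len = declared - hdrs;  /* what the unpatched code trusted */
    out->len = usable - hdrs;             /* what is actually in the buffer */
    out->truncated = declared > caplen;
    out->data = pkt + hdrs;
    return 0;
}

/* Constructed sample: 20-byte IPv4 header claiming total length 200, 20-byte
 * TCP header, 60 bytes of payload; caplen=100 as if tcpdump -s100 cut it. */
uint8_t sample[100];
void build_sample(void)
{
    memset(sample, 0, sizeof sample);
    sample[0] = 0x45;                    /* IPv4, IHL = 5 words */
    sample[2] = 0; sample[3] = 200;      /* total length 200 */
    sample[9] = 6;                       /* protocol TCP */
    sample[20 + 12] = 0x50;              /* TCP data offset = 5 words */
    memset(sample + 40, 'A', 60);        /* the payload that was captured */
}

int main(void)
{
    struct payload_view v;
    build_sample();
    if (tcp_payload_in_capture(sample, sizeof sample, &v) == 0)
        printf("declared %u, usable %u, truncated=%d\n",
               v.declared_len, v.len, v.truncated);
    return 0;
}
```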
Marking as confirmed; the patch is included and ready for testing. Thank you for your bug report.