This list is for all discussion, questions, and help for compiling, using, and enhancing tcpreplay and it's associated applications.

Anderson, Michael | 27 Jun 2012 20:30

tcpprep 3.4.3 - buffer overflow detected

Tcpprep returns a "buffer overflow detected" error message when using tcpprep 3.4.3 on Ubuntu 12.04
LTS.  The pcap file was captured with Wireshark 1.6.2 on Windows 7.  (Should I use a different version of Wireshark?)

The pcap file is attached, the error message is below, along with additional details.

$ tcpprep --port --cachefile=example.cache --pcap=example.pcap 

*** buffer overflow detected ***: tcpprep terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb7713dd5]
/lib/i386-linux-gnu/libc.so.6(+0xfebaa)[0xb7712baa]
/lib/i386-linux-gnu/libc.so.6(+0xfe0d2)[0xb77120d2]
tcpprep[0x804fd38]$ tcpprep -V
tcpprep version: 3.4.3 (build 2375)
Copyright 2001-2009 by Aaron Turner <aturner at synfin dot net>
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.1.1
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
tcpprep[0x804a740]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0xb762d4d3]
tcpprep[0x804ac25]i
======= Memory map: ========
08048000-08098000 r-xp 00000000 08:01 27271718   /usr/bin/tcpprep
08098000-08099000 r--p 0004f000 08:01 27271718   /usr/bin/tcpprep
08099000-0809b000 rw-p 00050000 08:01 27271718   /usr/bin/tcpprep
0809b000-080bc000 rw-p 00000000 00:00 0 
09d8e000-09daf000 rw-p 00000000 00:00 0          [heap]
b75e5000-b7601000 r-xp 00000000 08:01 9175988    /lib/i386-linux-gnu/libgcc_s.so.1

(Continue reading)

headers

Aaron Turner | 27 Jun 2012 20:35

Re: tcpprep 3.4.3 - buffer overflow detected

Without debug enabled (./configure --enable-debug) I can't tell what's
going on, but I suspect you're running into this bug
http://tcpreplay.synfin.net/ticket/418

which was fixed in 3.4.4.  Try upgrading, and if that doesn't work,
compile in debug and send me the backtrace from that.

Regards,
Aaron

On Wed, Jun 27, 2012 at 11:30 AM, Anderson, Michael
<mbanders <at> qca.qualcomm.com> wrote:
> Tcpprep returns a "buffer overflow detected" error message when using tcpprep 3.4.3 on Ubuntu 12.04
LTS.  The pcap file was captured with Wireshark 1.6.2 on Windows 7.  (Should I use a different version of Wireshark?)
>
> The pcap file is attached, the error message is below, along with additional details.
>
> $ tcpprep --port --cachefile=example.cache --pcap=example.pcap
>
> *** buffer overflow detected ***: tcpprep terminated
> ======= Backtrace: =========
> /lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0xb7713dd5]
> /lib/i386-linux-gnu/libc.so.6(+0xfebaa)[0xb7712baa]
> /lib/i386-linux-gnu/libc.so.6(+0xfe0d2)[0xb77120d2]
> tcpprep[0x804fd38]$ tcpprep -V
> tcpprep version: 3.4.3 (build 2375)
> Copyright 2001-2009 by Aaron Turner <aturner at synfin dot net>
> Cache file supported: 04
> Not compiled with libdnet.
> Compiled against libpcap: 1.1.1

(Continue reading)