Bug #14586

open

snoop is crashing with help from stack protector

Added by Toomas Soome 5 months ago.

Status: New
Priority: Normal
Assignee: -
Category: -
% Done: 0%
Difficulty: Medium

Description

While snooping SMB traffic, snoop is crashing:

root@beastie:/code/illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/snoop# mdb core
Loading modules: [ libumem.so.1 libc.so.1 ld.so.1 ]
> ::tmodel lwp
> ::stack 
libc.so.1`syscall+0x13(fed33be4, 1c, 0, ffff87eb, 8039578, 91239a3)
0xfecb86f2(912ce08, 9123960, 10, 35736e5a, afafaf2f, afafafbf)
interpret_netbios_datagram(403, 9123980, 5a4, 80395b0, 12c, 383365)
interpret_netbios_ses+0x16b(403, 912397c, 5a8, feab3000)
interpret_reserved+0x2f1(403, 6, 1bd, df04, 912397c, 5a8)
interpret_tcp+0xc7(403, 912395c, 5c8, 5c8)
interpret_ip+0x7da(403, 9123948, 5dc, 806d1b0)
interpret_ether+0x743(403, 9119a88, 5ea, 5ea, 5ea, 0)
process_pkt+0xac(9119a70, 9119a88, 1360, 403)
scan+0x266(910d008, fbf8, 1, 0, 0, 8068a0a)
net_read+0x97(910cf48, 10000, 1, 8068a0a, 403)
main+0xbbb(8039edc, fed9f484, 8039f18, 805da0b)
_start_crt+0x9a(4, 8039f44, f36a8c9f, 0, 0, 0)
_start+0x1a(4, 803a038, 803a03e, 803a042, 803a047, 0)
>  ::status
debugging core file of snoop (32-bit) from beastie
file: /code/illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/snoop/snoop
initial argv: snoop not port 22
threading model: raw lwps
status: process panicked
upanic message: *** stack smashing detected
> 

Checking the source, it obviously needs some serious work to get char array bounds checking in place, sprintf() replaced, etc. Also, it seems the netbiosname2ascii() is not always doing the correct thing:

beastie -> Nazgul.lan   NBT Type=SESSION REQUEST Dest=??1?!??G?????[18] Source=P?.??C?x?A Xȯ?[358] Length=1280

Sometimes it can output CSI sequences that turn the terminal unreadable (switching to line-draw glyphs, etc.).
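For illustration, here is an added example (not snoop's code, and not a patch for this bug) of how a NetBIOS first-level name decoder can be written so that both problems described above cannot occur: the remaining packet length and the output buffer size are checked before anything is decoded, and decoded bytes outside the printable ASCII range are replaced with '?' so that no control or escape sequence from the wire reaches the terminal. The function name, constants and the sample input are constructed here, not taken from the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NB_ENCODED_LEN	32	/* RFC 1001 first-level encoding: 16 bytes -> 32 chars */
#define NB_NAME_LEN	15	/* 15 name bytes followed by one suffix (service type) byte */

/* Constructed sample: "BEASTIE" space padded to 15 bytes, suffix byte 0x20. */
static const char nb_sample_ok[] = "ECEFEBFDFEEJEFCACACACACACACACACACA";

/*
 * Hypothetical helper (not snoop's netbiosname2ascii()).
 * buf points into the packet and buflen is the number of bytes left in it;
 * out (outsz bytes) receives the NUL-terminated printable name and *suffix
 * the 16th decoded byte.  Returns the name length, or -1 when the packet is
 * too short, a character is outside 'A'..'P', or out is too small.
 */
int
nb_decode_name(const uint8_t *buf, size_t buflen, char *out, size_t outsz,
    uint8_t *suffix)
{
	uint8_t raw[NB_NAME_LEN + 1];
	size_t i, len;

	/* Check both the input and the output bounds before touching either. */
	if (buf == NULL || out == NULL || suffix == NULL ||
	    buflen < NB_ENCODED_LEN || outsz < NB_NAME_LEN + 1)
		return (-1);

	for (i = 0; i < NB_NAME_LEN + 1; i++) {
		uint8_t hi = buf[2 * i], lo = buf[2 * i + 1];

		/* Each encoded nibble must be one of the 16 letters 'A'..'P'. */
		if (hi < 'A' || hi > 'P' || lo < 'A' || lo > 'P')
			return (-1);
		raw[i] = (uint8_t)(((hi - 'A') << 4) | (lo - 'A'));
	}
	*suffix = raw[NB_NAME_LEN];

	/* Names are space padded: drop the padding, then sanitise the rest. */
	len = NB_NAME_LEN;
	while (len > 0 && raw[len - 1] == ' ')
		len--;
	for (i = 0; i < len; i++)
		out[i] = (raw[i] >= 0x20 && raw[i] < 0x7f) ? (char)raw[i] : '?';
	out[len] = '\0';
	return ((int)len);
}
```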
