NSIS-ka
A free C++ implementation of NSIS protocols

Opened 9 years ago

Last modified 9 years ago

#100 new defect

Bad GIST query w/o NTLP objects crashes gist

Reported by: bless
Owned by: bless
Priority: major
Milestone:
Component: GIST
Version:
Keywords:
Cc:

Description (last modified by bless)

The following scapy packet crashes GIST:

from scapy.all import IP, UDP
a=IP(dst="141.3.71.201",options="\x94\x04\x00\x00")/UDP(dport=4)/"\x4e\x04\xbd\xa5\x01\xff\x00\x01\x00\x0c\x00\x00"

Length is 0, but parsing fails badly:

2008-09-17 17:43:23.006-28804- DEBUG /4: GIST Signaling  Received incoming message #3 from TP Module
2008-09-17 17:46:51.394-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - Listening for RAOs: |0|12
2008-09-17 17:46:51.394-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - Inspecting RAO value of: 0
2008-09-17 17:46:51.394-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - magic number matched
2008-09-17 17:46:51.394-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - I am instructed to intercept packages with this RAO
2008-09-17 17:46:51.394-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - Incoming interface: eth0, if_index:2
2008-09-17 17:46:51.394-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - Received packet from: [IP address]: 141.3.71.26:53, UNKNOWN
2008-09-17 17:46:51.395-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - Sending received UDP packet to signaling module, UDP data length:20
2008-09-17 17:46:51.395-28804- DEBUG /4: TPqueryEncap    [IPv4catcher] - receipt of PDU now complete, sending msg#4 to signaling module
2008-09-17 17:46:51.395-28804- DEBUG /4: GIST Signaling  Received incoming message #4 on Queue
2008-09-17 17:46:51.395-28804- DEBUG /4: GIST Signaling  process_tp_msg() - received message #4 from TP
2008-09-17 17:46:51.395-28804- DEBUG /4: GIST Signaling  process_tp_msg() - received PDU (transport: TPoverQueryEncapsulation) now parsing...
2008-09-17 17:46:51.395-28804- DEBUG /4: GIST Signaling  process_tp_msg() - checking for correct magic number
2008-09-17 17:46:51.395-28804- DEBUG /4: NTLP_IE         started to deserialize known_ntlp_pdu @pos:4 bytes left in buffer:127996
2008-09-17 17:46:51.395-28804- DEBUG /4: NTLP_IE         started to deserialize known_ntlp_object @pos:12 bytes left in buffer:127988
2008-09-17 17:46:51.395-28804- DEBUG /4: NTLP_object     ntlp_object::decodeheader, special class MRI encountered, set subtype: 0
2008-09-17 17:46:51.395-28804- DEBUG /4: NTLP_IE         IEManager::deserialize_known_ntlp_object: found object type 0@pos:12, total object length (incl. header):4
2008-09-17 17:46:51.395-28804- DEBUG /4: NTLP_object     ntlp_object::decodeheader, special class MRI encountered, set subtype: 0
2008-09-17 17:46:51.395-28804**ERROR**2: mri_pc          Unknown IP version: 0
2008-09-17 17:46:51.395-28804**ERROR**2: GIST PDU        Protocol Specific Error objecttype: 0
2008-09-17 17:46:51.395-28804**ERROR**4: NTLP_IE         IEManager::deserialize_known_ntlp_object: did not deserialize object type 0, total object length (incl. header):4
2008-09-17 17:46:51.395-28804**ERROR**2: NTLP_pdu        could not cast to ntlp_object
2008-09-17 17:46:51.395-28804**ERROR**4: NTLP_pdu        ntlp_pdu::deserialize(): no NTLP object deserialized from IE
2008-09-17 17:46:51.396-28804**ERROR**2: NTLP_pdu        read behind PDU content! current position in netmsg buffer:20 started @4 PDU length:12 objbread:8
2008-09-17 17:46:51.396-28804**ERROR**2: GIST PDU        Protocol Specific Error, object type: 0, PDU type: 0
2008-09-17 17:46:51.396-28804- DEBUG /8: NTLPprotocol    process_tp_recv_msg(): deserialization completed (read 12 bytes).
2008-09-17 17:46:51.396-28804**ERROR**4: NTLPprotocol    Errors occured during parsing, generating error pdu
gistka: pdu/mri_pc.cpp:414: virtual size_t ntlp::mri_pathcoupled::get_serialized_size(protlib::IE::coding_t) const: Assertion `false' failed.
Aborted (core dumped)
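The framing check the log shows is missing, written as an added C++ example that is not NSIS-ka code: it assumes the RFC 5971 layout (32-bit Q-mode magic, 8-byte common header with Message Length in 32-bit words, 4-byte NTLP object header with a 12-bit word length) and rejects the ticket's exact 12-byte payload before any object parser reads past the datagram. The names checkQueryDatagram, makeQuery, kTicketPayload and GistCheck are chosen here, not taken from the project.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>
// Added example, not NSIS-ka code. Layout assumed from RFC 5971: 32-bit Q-mode magic,
// 8-byte common header whose Message Length counts 32-bit words after the header,
// and a 4-byte NTLP object header whose low 12 bits give the body length in words.
enum class GistCheck { Ok, TooShort, BadMagic, LengthExceedsBuffer, NoObjects, ObjectOverrun };
static const uint32_t kQueryMagic = 0x4e04bda5;
// The exact 12-byte UDP payload from the ticket: magic + common header, no objects.
const std::vector<uint8_t> kTicketPayload = {0x4e, 0x04, 0xbd, 0xa5, 0x01, 0xff,
                                            0x00, 0x01, 0x00, 0x0c, 0x00, 0x00};
static uint16_t rd16(const uint8_t* p) { return static_cast<uint16_t>((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t* p) { return (static_cast<uint32_t>(rd16(p)) << 16) | rd16(p + 2); }

// Validate framing before any object is deserialized. The daemon in the log skipped this
// and walked into bytes beyond the datagram ("read behind PDU content").
GistCheck checkQueryDatagram(const std::vector<uint8_t>& buf) {
    if (buf.size() < 12) return GistCheck::TooShort;
    if (rd32(buf.data()) != kQueryMagic) return GistCheck::BadMagic;
    const size_t declared = static_cast<size_t>(rd16(buf.data() + 6)) * 4;  // bytes after header
    const size_t available = buf.size() - 12;
    if (declared > available) return GistCheck::LengthExceedsBuffer;  // the ticket's packet
    if (declared == 0) return GistCheck::NoObjects;  // a Query must carry an MRI and more
    size_t pos = 12;
    const size_t end = 12 + declared;
    while (pos < end) {  // walk the object TLVs; each must fit inside the declared PDU
        if (end - pos < 4) return GistCheck::ObjectOverrun;
        const size_t objLen = 4 + static_cast<size_t>(rd16(buf.data() + pos + 2) & 0x0fff) * 4;
        if (objLen > end - pos) return GistCheck::ObjectOverrun;
        pos += objLen;
    }
    return GistCheck::Ok;
}

// Build a constructed Query datagram with the ticket's header values (hops 255, NSLPID 12,
// type 0) but a chosen Message Length (in words) and object bytes.
std::vector<uint8_t> makeQuery(uint16_t declaredWords, const std::vector<uint8_t>& objects) {
    std::vector<uint8_t> d = {0x4e, 0x04, 0xbd, 0xa5, 0x01, 0xff, static_cast<uint8_t>(declaredWords >> 8),
                              static_cast<uint8_t>(declaredWords & 0xff), 0x00, 0x0c, 0x00, 0x00};
    d.insert(d.end(), objects.begin(), objects.end());
    return d;
}

int main() {
    assert(checkQueryDatagram(kTicketPayload) == GistCheck::LengthExceedsBuffer);
    assert(checkQueryDatagram(makeQuery(2, {0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00})) == GistCheck::Ok);
    return 0;
}
```

The check only guards framing; the later assertion in mri_pathcoupled::get_serialized_size is a separate problem on the error-PDU path, which an object that failed to deserialize should never reach.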

Change History (1)

comment:1 Changed 9 years ago by bless

  • Description modified (diff)

wrong scapy packet before...
