View Issue Details

ID: 0018365
Project: CentOS-7
Category: libpcap
View Status: public
Last Update: 2021-12-01 05:09
Reporter: yousong
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version: 7.9.2009
Summary: 0018365: libpcap 1.5.3 with distro patch applied writes pcap file with broken pkthdr
Description: The issue was originally reported at https://github.com/the-tcpdump-group/libpcap/issues/1071 .

To summarize, a pcap file written with `tcpdump -i any -w a.pcap` will be rejected by tcpdump 4.99, which adds sanity checks on the pkthdr struct.

The other issue as analyzed there by @guyharris is that when inspecting the bad pcap file with tcpdump 4.9, it may access 16 bytes of data out of bounds. See https://github.com/the-tcpdump-group/libpcap/issues/1071#issuecomment-980442403
Steps To Reproduce: Run the following commands to dump a few packets

  tcpdump -i any -w a.pcap -c 8

Hexdump check on first few bytes of the file. snaplen is 16 bytes bigger than actual len field for each packet header

```
00000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00 |................|
00000010 00 00 04 00 71 00 00 00 cb 5e 9f 61 ae 80 04 00 |....q....^.a....|
00000020 c9 03 00 00 b9 03 00 00 00 00 00 01 00 06 ee ff |................|
          ^^ ^^ ^^ ^^ ^^
00000030 ff ff ff ff 00 00 08 00 45 14 03 a9 a7 2e 40 00 |........E.....@.|
          ^^ ^^ ^^ ^^ ^^ ^^
```
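
An added example, not part of the original report and not libpcap or tcpdump code: a minimal Python walk over classic pcap record headers that flags the inconsistency visible in the hexdump, where the record's captured length (caplen, 0x3c9) exceeds its on-wire length (len, 0x3b9) by 16. `SAMPLE` is the 64 bytes shown above; the function name `check_pcap` and the additional caplen-versus-snaplen check are assumptions of this example.

```python
import struct

# First 64 bytes of a.pcap, copied from the hexdump in the report above.
SAMPLE = bytes.fromhex(
    "d4c3b2a1020004000000000000000000"
    "0000040071000000cb5e9f61ae800400"
    "c9030000b9030000000000010006eeff"
    "ffffffff00000800451403a9a72e4000"
)

def check_pcap(buf):
    """Walk classic pcap records; return (snaplen, linktype, findings).

    Each finding is (record_index, value, limit, reason). Only record
    headers are inspected, so a truncated file is still checked up to
    the last complete header.
    """
    magic = buf[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", buf[4:24])

    findings, off, idx = [], 24, 0
    while off + 16 <= len(buf):
        # Per-record header: ts_sec, ts_usec, caplen, len
        _, _, caplen, wire_len = struct.unpack_from(endian + "IIII", buf, off)
        if caplen > wire_len:
            # More bytes claimed as captured than the packet had on the wire.
            findings.append((idx, caplen, wire_len, "caplen > len"))
        if caplen > snaplen:
            # Format invariant: caplen never exceeds the file's snaplen.
            findings.append((idx, caplen, snaplen, "caplen > snaplen"))
        off += 16 + caplen    # skip the header plus the stored bytes
        idx += 1
    return snaplen, linktype, findings

if __name__ == "__main__":
    snaplen, linktype, findings = check_pcap(SAMPLE)
    print(f"snaplen={snaplen} linktype={linktype}")
    for idx, value, limit, reason in findings:
        print(f"record {idx}: {reason} ({value} > {limit}, delta {value - limit})")
```
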


Activities

toracat (manager) 2021-12-01 02:58 ~0038756

As you correctly noted in:

https://github.com/the-tcpdump-group/libpcap/issues/1071#issuecomment-982264658

CentOS is a rebuild of the sources used to create RHEL. You will need to submit your request to Red Hat via bugzilla.redhat.com. If/when RH accepts it and incorporates it into RHEL and releases a patched version, then CentOS will pick it up and rebuild it.

However, keep in mind that the package is unmodified since 2019. RHEL-7 entered Maintenance Support 2 Phase, meaning that only "Critical and Important" security bugs and "Urgent Priority bugs" will be fixed.

yousong (reporter) 2021-12-01 05:09 ~0038757

Now I also created an entry for RHEL 7: https://bugzilla.redhat.com/show_bug.cgi?id=2027937

Issue History

Date Modified Username Field Change
2021-12-01 02:16 yousong New Issue
2021-12-01 02:58 toracat Note Added: 0038756
2021-12-01 05:09 yousong Note Added: 0038757