Subject: bin/3799: Some NFSv2 packets cause tcpdump to abort
To: None <gnats-bugs@gnats.netbsd.org>
From: Azuma OKAMOTO <lfo@sayori.dais.is.tohoku.ac.jp>
List: netbsd-bugs
Date: 06/27/1997 13:34:27
>Number: 3799
>Category: bin
>Synopsis: Some NFSv2 packets cause tcpdump to abort
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jun 26 21:50:02 1997
>Last-Modified:
>Originator: Azuma OKAMOTO
>Organization:
Tohoku University, JAPAN
>Release: NetBSD-1.2 and later
>Environment:
System: NetBSD ellen.dais.is.tohoku.ac.jp 1.2F NetBSD 1.2F (LFO) #6: Mon Jun 9 19:42:25 JST 1997 lfo@ellen.dais.is.tohoku.ac.jp:/usr/src/sys/arch/i386/compile/LFO i386
>Description:
In tcpdump/print-nfs.c nfsreq_print():
	int proc, v3;
	:
	proc = ntohl(rp->rm_call.cb_proc);
	if (!v3 && proc < NFS_NPROCS)
		proc = nfsv3_procid[proc];
At this point, tcpdump dumps core if "v3" is 0 and "proc" < 0.
>How-To-Repeat:
Run tcpdump, and receive an NFSv2 packet (from Solaris2 ??).
>Fix:
--- tcpdump/print-nfs.c.ORIG Sun Mar 16 21:31:20 1997
+++ tcpdump/print-nfs.c Thu Jun 26 04:35:29 1997
@@ -379,7 +379,8 @@
register const u_int32 *dp;
register const u_char *ep;
nfstype type;
- int proc, v3;
+ u_int32 proc;
+ int v3;
struct nfsv3_sattr sa3;
#define TCHECK(p, l) if ((u_char *)(p) > ep - l) break
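Review bot: at `u_int32 proc;` the fix is implicit, because the check quoted in the Description, `if (!v3 && proc < NFS_NPROCS)`, is left as written and now rejects the formerly negative values only because the comparison is carried out unsigned. A short comment beside the declaration saying that proc must stay unsigned for that bounds check to hold would keep a later cleanup from turning it back into `int`. The remaining uses of proc in nfsreq_print() are outside this hunk and should be checked for code that assumed a signed value, such as a `%d` format or a comparison against a negative constant.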
>Audit-Trail:
>Unformatted:
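Added example, not part of the original report or of tcpdump: the upper-bound-only check from the Description with a signed and with an unsigned `proc`, plus a bounded lookup. `SAMPLE_NPROCS`, `sample_procid`, the function names and the packet bytes are constructed stand-ins, not NetBSD's values.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the table in the report; size and values are illustrative. */
#define SAMPLE_NPROCS 4
static const uint32_t sample_procid[SAMPLE_NPROCS] = { 0, 1, 2, 4 };

/* Constructed 32-bit procedure fields in network byte order. */
const unsigned char sample_bad[4]  = { 0xff, 0xff, 0xff, 0xff };
const unsigned char sample_good[4] = { 0x00, 0x00, 0x00, 0x03 };

/* Read a 32-bit big-endian field from packet bytes. */
static uint32_t wire32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return ntohl(v);
}

/* Pre-patch shape: signed proc, upper bound only. Returns 1 if the check
 * would let the table lookup run; the lookup itself is not performed here. */
int signed_check_admits(const unsigned char *p)
{
    int proc = (int)wire32(p);   /* values >= 0x80000000 become negative */
    return proc < SAMPLE_NPROCS;
}

/* Post-patch shape: unsigned proc, same comparison. */
int unsigned_check_admits(const unsigned char *p)
{
    uint32_t proc = wire32(p);
    return proc < (uint32_t)SAMPLE_NPROCS;
}

/* Bounded lookup: returns the mapped id, or -1 if proc is out of range. */
long map_proc(const unsigned char *p)
{
    uint32_t proc = wire32(p);
    return proc < (uint32_t)SAMPLE_NPROCS ? (long)sample_procid[proc] : -1L;
}

int main(void)
{
    printf("bad:  signed=%d unsigned=%d map=%ld\n", signed_check_admits(sample_bad),
           unsigned_check_admits(sample_bad), map_proc(sample_bad));
    printf("good: signed=%d unsigned=%d map=%ld\n", signed_check_admits(sample_good),
           unsigned_check_admits(sample_good), map_proc(sample_good));
    return 0;
}
```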