Ethereal-dev: [Ethereal-dev] Canary checking added to emem.c

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Gerald Combs <gerald@xxxxxxxxxxxx>
Date: Mon, 09 Jan 2006 17:17:23 -0600

I just checked in a change to emem.c that adds canary values after each
memory allocation.  It should let us identify overflows of any ep_ and
se_ allocated memory.  Hopefully it won't add too much processing
overhead.  If this works, the next step is to place mprotect()ed guard
pages before and after each chunk.

The canaries appear to be doing their job.  Running tethereal against
the capture menagerie turned up a bug in asn1/x509if/x509if.cnf:

==7113== Invalid write of size 1
==7113==    at 0xD7581F: g_strlcat (in /usr/lib/libglib-2.0.so.0.400.8)
==7113==    by 0x4817343: dissect_x509if_RelativeDistinguishedName
(x509if.cnf:213)
==7113==    by 0x48173ED: dissect_RDNSequence_item (x509if.cnf:257)
==7113==    by 0x4366CAE: dissect_ber_sq_of (packet-ber.c:2021)
==7113==    by 0x481747C: dissect_x509if_RDNSequence (x509if.cnf:238)
==7113==    by 0x481755D: dissect_rdnSequence (x509if.cnf:257)
==7113==    by 0x4365A35: dissect_ber_choice (packet-ber.c:1607)
==7113==    by 0x48175B8: dissect_x509if_Name (x509if.cnf:273)
==7113==    by 0x4812251: dissect_directoryName_impl (packet-x509ce-fn.c:7)
==7113==    by 0x4365A35: dissect_ber_choice (packet-ber.c:1607)
==7113==    by 0x481299C: dissect_x509ce_GeneralName (x509ce.cnf:168)
==7113==    by 0x469B731: dissect_pkix1implicit_GeneralName
(packet-pkix1implicit-template.c:61)
==7113==  Address 0x4FDCE58 is 0 bytes after a block of size 64 alloc'd
==7113==    at 0x400446D: malloc (vg_replace_malloc.c:149)
==7113==    by 0xD65C32: g_malloc (in /usr/lib/libglib-2.0.so.0.400.8)
==7113==    by 0x429FD38: ep_alloc (emem.c:216)
==7113==    by 0x481742D: dissect_x509if_RDNSequence (x509if.cnf:235)
==7113==    by 0x481755D: dissect_rdnSequence (x509if.cnf:257)
==7113==    by 0x4365A35: dissect_ber_choice (packet-ber.c:1607)
==7113==    by 0x48175B8: dissect_x509if_Name (x509if.cnf:273)
==7113==    by 0x4812251: dissect_directoryName_impl (packet-x509ce-fn.c:7)
==7113==    by 0x4365A35: dissect_ber_choice (packet-ber.c:1607)
==7113==    by 0x481299C: dissect_x509ce_GeneralName (x509ce.cnf:168)
==7113==    by 0x469B731: dissect_pkix1implicit_GeneralName
(packet-pkix1implicit-template.c:61)
==7113==    by 0x43ACED5: dissect_sender (packet-cmp-fn.c:14)

To generate the valgrind output I had to uncomment EP_DEBUG_FREE and
SE_DEBUG_FREE in epan/emem.c and recompile.  The capture file used was
cmp-trace.pcap.gz on the sample captures page.  I'll take a look at this
tomorrow, time permitting.
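The mechanism described in the message, as an added example that is not Gerald's emem.c change and not Ethereal/Wireshark code: a minimal arena allocator in the spirit of ep_alloc() that writes a trailing canary after every block, plus a check routine that walks the arena and reports any clobbered canary. The type and function names (canary_arena, arena_alloc, arena_check) and the NUL-free canary derivation are assumptions made here for illustration, not the scheme emem.c uses. The demo reproduces the shape of the bug in the valgrind trace: a 64-byte block that receives a string one byte too long, so the terminator lands on the canary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CANARY_LEN 8
#define ARENA_SIZE 4096
#define MAX_BLOCKS 64

/* Hypothetical arena: blocks are carved sequentially from mem[],
 * each followed by CANARY_LEN bytes holding the arena's canary. */
typedef struct {
    unsigned char mem[ARENA_SIZE];
    size_t used;
    unsigned char canary[CANARY_LEN];
    struct { unsigned char *ptr; size_t size; } blocks[MAX_BLOCKS];
    size_t nblocks;
} canary_arena;

/* Derive a canary from a seed with xorshift64 (constructed for the example).
 * Every byte is forced non-zero so that a stray string terminator written
 * one byte past the end is always detected. */
void arena_init(canary_arena *a, uint64_t seed)
{
    memset(a, 0, sizeof *a);
    uint64_t x = seed | 1;
    for (size_t i = 0; i < CANARY_LEN; i++) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        unsigned char b = (unsigned char)(x >> 56);
        a->canary[i] = b ? b : 0x5A;
    }
}

/* Hand out `size` bytes and stamp the canary immediately after them.
 * Returns NULL when the arena or block table is exhausted.
 * A production allocator would also align blocks; this one does not. */
void *arena_alloc(canary_arena *a, size_t size)
{
    if (a->nblocks >= MAX_BLOCKS || a->used + size + CANARY_LEN > ARENA_SIZE)
        return NULL;
    unsigned char *p = a->mem + a->used;
    memcpy(p + size, a->canary, CANARY_LEN);
    a->blocks[a->nblocks].ptr = p;
    a->blocks[a->nblocks].size = size;
    a->nblocks++;
    a->used += size + CANARY_LEN;
    return p;
}

/* Walk every block and compare its trailing canary with the arena's.
 * Reports each corrupted block and returns how many were found;
 * an allocator would run this at free-all time (end of packet/session). */
size_t arena_check(const canary_arena *a)
{
    size_t bad = 0;
    for (size_t i = 0; i < a->nblocks; i++) {
        const unsigned char *end = a->blocks[i].ptr + a->blocks[i].size;
        if (memcmp(end, a->canary, CANARY_LEN) != 0) {
            fprintf(stderr, "canary smashed after block %zu (%zu bytes)\n",
                    i, a->blocks[i].size);
            bad++;
        }
    }
    return bad;
}

/* A 64-byte block receives 64 characters plus a terminator: the NUL
 * overwrites the first canary byte, which the check catches. */
size_t demo_overflow_detected(void)
{
    canary_arena a;
    arena_init(&a, 0x1234);
    char *buf = arena_alloc(&a, 64);
    memset(buf, 'A', 64);
    buf[64] = '\0';              /* one-byte overflow, as in the trace */
    return arena_check(&a);      /* 1 */
}

/* Same block sized correctly for its content: no canary is touched. */
size_t demo_clean(void)
{
    canary_arena a;
    arena_init(&a, 0x1234);
    char *buf = arena_alloc(&a, 65);
    memset(buf, 'A', 64);
    buf[64] = '\0';
    return arena_check(&a);      /* 0 */
}

int main(void)
{
    printf("overflow case: %zu corrupted block(s)\n", demo_overflow_detected());
    printf("clean case:    %zu corrupted block(s)\n", demo_clean());
    return 0;
}
```

The check is cheap (one memcmp per block), which is why it can run on every free-all without the cost of the mprotect()ed guard pages the message mentions as the next step; its limitation is that it only catches overflows after the fact and only those that touch the bytes directly past the block.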