Describe the bug
Out-of-bounds access while parsing options->services.tcp
In file: /home/sy46/tcpreplay/src/tcpprep.c:252
► 252 if (options->services.tcp[ntohs(tcp_hdr->th_dport)]) {
253 dbgx(1, "TCP packet is destined for a server port: %d", ntohs(tcp_hdr->th_dport));
254 return 1;
255 }
pwndbg> p tcp_hdr
$6 = (tcp_hdr_t *) 0x55555558c3b0
pwndbg> x/8gx 0x55555558c3b0 - 0x30
0x55555558c380: 0x4a004304d7b06c6b 0x9e23fe79e65565d0
0x55555558c390: 0xdbac1ef9e9f4a097 0xaaaaaaaaaaaac081
0x55555558c3a0: 0xaaaaaaaaaaaaaaaa 0xaaaaaaaaaaaa0006
0x55555558c3b0: 0x000300006c6c642e 0x000000000001ec51
Tries to access options->services.tcp[???]
To Reproduce
Steps to reproduce the behavior:
$ export CC=gcc export CXX=g++
$ export CFLAGS="-g -fsanitize=address" export CXXFLAGS="-g -fsanitize=address"
$ ./autogen.sh
$ ./configure
$ make
System (please complete the following information):
- OS: ubuntu 24.04
- Tcpreplay Version
$ tcpreplay/src/tcpprep --version
tcpprep version: 4.5.2 (build git:v4.5.2-1-g5bf1a6c5)
Copyright 2013-2025 by Fred Klassen <tcpreplay at appneta dot com> - AppNeta
Copyright 2000-2012 by Aaron Turner <aturner at synfin dot net>
The entire Tcpreplay Suite is licensed under the GPLv3
Cache file supported: 04
Not compiled with libdnet.
Compiled against libpcap: 1.10.4
64 bit packet counters: enabled
Verbose printing via tcpdump: enabled
PoC
check_dst_port.zip
./tcpreplay/src/tcpprep -p -o /dev/null -i ./check_dst_port_overflow
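A defensive form of the lookup at tcpprep.c:252, as an added example that is not part of the original report and is not tcpreplay's code. The report does not state the root cause, so the sketch validates both the header position within the captured bytes and the table index. `is_server_dport`, `demo`, `struct services`, `NUM_PORTS` and the `caplen`/`l4_off` parameters are hypothetical names, and the sample frame is constructed.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_PORTS   65536 /* assumption: one table slot per 16-bit port */
#define TCP_MIN_HDR 20    /* shortest legal TCP header, in bytes */

/* Hypothetical stand-in for the options->services table named in the report. */
struct services { uint8_t tcp[NUM_PORTS]; };

/* 1 = destination port is a server port, 0 = it is not,
 * -1 = the TCP header is not fully inside the captured bytes. */
int is_server_dport(const struct services *svc, const uint8_t *pkt,
                    size_t caplen, size_t l4_off)
{
    uint16_t dport_be;
    size_t idx;

    /* Check 1: the header must lie inside the capture (no wraparound). */
    if (l4_off > caplen || caplen - l4_off < TCP_MIN_HDR)
        return -1;
    /* th_dport is bytes 2..3 of the TCP header; memcpy avoids unaligned reads. */
    memcpy(&dport_be, pkt + l4_off + 2, sizeof dport_be);
    idx = ntohs(dport_be);
    /* Check 2: index must fit the table, even if NUM_PORTS is ever reduced. */
    if (idx >= sizeof svc->tcp / sizeof svc->tcp[0])
        return -1;
    return svc->tcp[idx] ? 1 : 0;
}

/* Constructed sample: 64-byte frame, TCP header at offset 34, dport 80. */
int demo(size_t caplen, size_t l4_off)
{
    static struct services svc;
    static uint8_t frame[64];

    memset(frame, 0, sizeof frame);
    svc.tcp[80] = 1;
    frame[34 + 3] = 0x50; /* network byte order: 0x0050 = 80 */
    return is_server_dport(&svc, frame, caplen, l4_off);
}

int main(void)
{
    printf("%d %d %d\n", demo(54, 34), demo(53, 34), demo(20, 34));
    return 0;
}
```

A truncated capture or an offset past the end of the buffer returns -1 instead of dereferencing memory outside the packet.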