On Tue, Dec 05, 2000 at 01:42:29PM -0500, Berin, Murat (Murat) wrote:
> I managed to get a log file out of the pppd in linux. However, when I try to
> open the log file in ethereal, I get an error message: "An error occured
> while reading the capture file: Uncompression error: data would overflow
> buffer" Does anybody have any experiance with this?
>
> Murat Berin
The check for uncompression buffer overflow was put in right before 0.8.14
was released, when we were cleaning up potential buffer overflows.
However, there appears to be a small bug in the change made to
pppdump.c; the size of the wrong variable is checked.
I want to do a more thorough review of my pppdump.c code before I replace
the buffer overflow fix with the right check, but it should
be enough for now for you to apply this patch to remove the
buffer overflow check. You can be fairly certain that your pppd isn't
trying to create a bogus log file in an attempt to crash ethereal.
Let me know if you can read your trace file after applying this patch.
--gilbert
Index: pppdump.c
===================================================================
RCS file: /usr/local/cvsroot/ethereal/wiretap/pppdump.c,v
retrieving revision 1.6
retrieving revision 1.5
diff -u -r1.6 -r1.5
--- pppdump.c 2000/11/19 20:56:17 1.6
+++ pppdump.c 2000/11/19 03:47:36 1.5
@@ -1,6 +1,6 @@
/* pppdump.c
*
- * $Id: pppdump.c,v 1.6 2000/11/19 20:56:17 gerald Exp $
+ * $Id: pppdump.c,v 1.5 2000/11/19 03:47:36 guy Exp $
*
* Copyright (c) 2000 by Gilbert Ramirez <gram@xxxxxxxxxx>
*
@@ -332,11 +332,6 @@
pkt->cnt = 0;
if (num_written <= 0) {
return 0;
- }
-
- if (num_written > sizeof(pd)) {
- *err = WTAP_ERR_UNC_OVERFLOW;
- return -1;
}
memcpy(pd, pkt->buf, num_written);
