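#!/usr/bin/env bash
# -*- coding: utf-8 -*-
#
# dissector_fuzz.sh -- fuzz test netsniff-ng's dissector and pcap io methods
# with shitty pcap example files from the Wireshark archive
#
# Copyright (C) 2012 Daniel Borkmann
# Copyright (C) 2012 Stefan Seering
#
# Note: build and *install* the toolkit first before running this script!
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 as
# published by the Free Software Foundation.
#
# Usage: dissector_fuzz [-s] [-r] [netsniff-ng long-args]
#   -s  show netsniff-ng output (default: discard it)
#   -r  keep running after a core dump (default: stop at the first one)
#   Every other argument is handed to netsniff-ng unchanged.
#
# Operational notes:
#   * The corpus is mirrored over plain FTP with no integrity check, so every
#     capture is untrusted input. A core dump here means a memory-safety bug
#     was reached; run the script unprivileged in a disposable VM or container
#     rather than on a production host.
#   * Crash detection relies on a file literally named "core" appearing in the
#     working directory. If kernel.core_pattern pipes dumps to a handler or
#     adds a suffix (core.PID), crashes are NOT counted; check the setting
#     before trusting a "0 core dumps" result.

set -u

if [ "${BASH_VERSINFO[0]}" -lt 3 ]; then
  echo 'Error: Your bash need to be version 3 or newer. Exiting.'
  exit 1 # operators like =~ produce errors silently in old bash versions, so exit here
fi

archive='ftp://wireshark.org/automated/captures/'
show_output=''  # empty string evaluates to false
run_through=''  # empty string evaluates to false
count_cores=0
count_files=0
# Pass-through options are kept as an array so that each one reaches
# netsniff-ng as its own word (a single joined string would arrive as one
# argument, and as an empty argument when no options were given).
netsniff_ng_opts=()
opt_count=0

if [ $# -gt 0 ]; then
  if [ "$1" = '-h' ] || [ "$1" = '--help' ] || [ "$1" = '--usage' ]; then
    echo 'Usage: dissector_fuzz [-s (show netsniff-ng output, default: no)] [-r (keep running on errors, default: no)] [netsniff-ng long-args]'
    exit 0
  fi

  for opt in "$@"; do
    if [ "${opt}" = '-s' ]; then
      show_output='true'
    elif [ "${opt}" = '-r' ]; then
      run_through='true'
    else
      # Indexed assignment instead of += keeps this working on bash 3.0.
      netsniff_ng_opts[opt_count]=${opt}
      opt_count=$((opt_count + 1))
    fi
  done
fi

# Everything below deletes and creates files relative to the working
# directory, so refuse to continue if the scratch directory is unavailable.
mkdir -p fuzzing || exit 1
cd fuzzing || {
  echo 'Error: cannot enter the fuzzing directory. Exiting.' >&2
  exit 1
}

# "2>&1 |" instead of "|&": the latter needs bash 4, but the check above
# only requires bash 3.
wget -r -Nc -np -nd -A.pcap "$archive" 2>&1 | grep -E "%|^--"

ulimit -c unlimited
rm -f core

for file in *.pcap; do
  # Without any download the glob stays literal; skip that non-existent name.
  [ -e "$file" ] || continue
  count_files=$((count_files + 1))

  echo "Testing file $file ..."
  # ${arr[@]+"${arr[@]}"} expands to nothing for an empty array without
  # tripping "set -u" on bash versions older than 4.4.
  if [ -n "$show_output" ]; then
    netsniff-ng --in "$file" ${netsniff_ng_opts[@]+"${netsniff_ng_opts[@]}"}
  else
    netsniff-ng --in "$file" ${netsniff_ng_opts[@]+"${netsniff_ng_opts[@]}"} > /dev/null
  fi

  if [ -e core ]; then
    echo "Fuck, core dumped on $file!"
    count_cores=$((count_cores + 1))
    if [ -n "$run_through" ]; then
      # Remove the dump so the next iteration detects only its own crash.
      rm -f core
    else
      # Leave the core file in place for debugging and report failure.
      exit 1
    fi
  fi
done

if command -v cowsay > /dev/null; then
  echo_cmd='cowsay'
else
  echo_cmd='echo'
fi

"${echo_cmd}" 'Your fuckup Score'
echo " * tested pcaps: $count_files"
echo " * core dumps: $count_cores"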
authorWANG Cong <xiyou.wangcong@gmail.com>2016-06-06 09:54:30 -0700
committerDavid S. Miller <davem@davemloft.net>2016-06-07 16:38:59 -0700
commita03e6fe569713fb3ff0714f8fd7c8785c0ca9e22 (patch)
tree2503e58b9720cb4ee120033ab4df1bc97ba93c4c
parentaafddbf0cffeb790f919436285328c762279b5d4 (diff)
act_police: fix a crash during removal
The police action is using its own code to initialize tcf hash info, which makes us to forgot to initialize a->hinfo correctly. Fix this by calling the helper function tcf_hash_create() directly. This patch fixed the following crash: BUG: unable to handle kernel NULL pointer dereference at 0000000000000028 IP: [<ffffffff810c099f>] __lock_acquire+0xd3/0xf91 PGD d3c34067 PUD d3e18067 PMD 0 Oops: 0000 [#1] SMP CPU: 2 PID: 853 Comm: tc Not tainted 4.6.0+ #87 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 task: ffff8800d3e28040 ti: ffff8800d3f6c000 task.ti: ffff8800d3f6c000 RIP: 0010:[<ffffffff810c099f>] [<ffffffff810c099f>] __lock_acquire+0xd3/0xf91 RSP: 0000:ffff88011b203c80 EFLAGS: 00010002 RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000028 RBP: ffff88011b203d40 R08: 0000000000000001 R09: 0000000000000000 R10: ffff88011b203d58 R11: ffff88011b208000 R12: 0000000000000001 R13: ffff8800d3e28040 R14: 0000000000000028 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff88011b200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000028 CR3: 00000000d4be1000 CR4: 00000000000006e0 Stack: ffff8800d3e289c0 0000000000000046 000000001b203d60 ffffffff00000000 0000000000000000 ffff880000000000 0000000000000000 ffffffff00000000 ffffffff8187142c ffff88011b203ce8 ffff88011b203ce8 ffffffff8101dbfc Call Trace: <IRQ> [<ffffffff8187142c>] ? __tcf_hash_release+0x77/0xd1 [<ffffffff8101dbfc>] ? native_sched_clock+0x1a/0x35 [<ffffffff8101dbfc>] ? native_sched_clock+0x1a/0x35 [<ffffffff810a9604>] ? sched_clock_local+0x11/0x78 [<ffffffff810bf6a1>] ? mark_lock+0x24/0x201 [<ffffffff810c1dbd>] lock_acquire+0x120/0x1b4 [<ffffffff810c1dbd>] ? lock_acquire+0x120/0x1b4 [<ffffffff8187142c>] ? __tcf_hash_release+0x77/0xd1 [<ffffffff81aad89f>] _raw_spin_lock_bh+0x3c/0x72 [<ffffffff8187142c>] ? 
__tcf_hash_release+0x77/0xd1 [<ffffffff8187142c>] __tcf_hash_release+0x77/0xd1 [<ffffffff81871a27>] tcf_action_destroy+0x49/0x7c [<ffffffff81870b1c>] tcf_exts_destroy+0x20/0x2d [<ffffffff8189273b>] u32_destroy_key+0x1b/0x4d [<ffffffff81892788>] u32_delete_key_freepf_rcu+0x1b/0x1d [<ffffffff810de3b8>] rcu_process_callbacks+0x610/0x82e [<ffffffff8189276d>] ? u32_destroy_key+0x4d/0x4d [<ffffffff81ab0bc1>] __do_softirq+0x191/0x3f4 Fixes: ddf97ccdd7cb ("net_sched: add network namespace support for tc actions") Cc: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>