Subject: bin/3799: Some NFSv2 packets cause tcpdump to abort
To: None <gnats-bugs@gnats.netbsd.org>
From: Azuma OKAMOTO <lfo@sayori.dais.is.tohoku.ac.jp>
List: netbsd-bugs
Date: 06/27/1997 13:34:27
>Number:         3799
>Category:       bin
>Synopsis:       Some NFSv2 packets cause tcpdump to abort
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 26 21:50:02 1997
>Last-Modified:
>Originator:     Azuma OKAMOTO
>Organization:
	Tohoku University, JAPAN
>Release:        NetBSD-1.2 and later
>Environment:
System: NetBSD ellen.dais.is.tohoku.ac.jp 1.2F NetBSD 1.2F (LFO) #6: Mon Jun 9 19:42:25 JST 1997 lfo@ellen.dais.is.tohoku.ac.jp:/usr/src/sys/arch/i386/compile/LFO i386


>Description:
In tcpdump/print-nfs.c nfsreq_print():

	int proc, v3;
		:
	proc = ntohl(rp->rm_call.cb_proc);

	if (!v3 && proc < NFS_NPROCS)
		proc =  nfsv3_procid[proc];

At this point, tcpdump dumps core if "v3" is 0 and "proc" < 0.

>How-To-Repeat:
Run tcpdump, and receive an NFSv2 packet (from Solaris2 ??).

>Fix:
--- tcpdump/print-nfs.c.ORIG	Sun Mar 16 21:31:20 1997
+++ tcpdump/print-nfs.c	Thu Jun 26 04:35:29 1997
@@ -379,7 +379,8 @@
 	register const u_int32 *dp;
 	register const u_char *ep;
 	nfstype type;
-	int proc, v3;
+	u_int32 proc;
+	int v3;
 	struct nfsv3_sattr sa3;
 
 #define TCHECK(p, l) if ((u_char *)(p) > ep - l) break
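Review bot: At the `u_int32 proc;` declaration, the fix depends entirely on the variable being unsigned, and nothing in the code says so; a later cleanup that turns it back into `int` would silently reintroduce the out-of-range index. Add a short comment at the declaration explaining that the value comes straight from the packet and must be compared as unsigned, or make the range check explicit at the point where `proc` indexes `nfsv3_procid`. The remaining uses of `proc` in the function are outside this hunk and should be checked for signed format strings or comparisons against signed values.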
>Audit-Trail:
>Unformatted:
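The signed/unsigned behaviour described in the Description, as an added example that is not part of the original report or of tcpdump's source. DEMO_NPROCS, demo_procid and the function names are constructed stand-ins for NFS_NPROCS and nfsv3_procid, whose real values the report does not show.

```c
#include <stdint.h>
#include <stdio.h>
#include <arpa/inet.h>

/* Constructed stand-ins for NFS_NPROCS and nfsv3_procid[] (assumed values). */
#define DEMO_NPROCS 4
static const int demo_procid[DEMO_NPROCS] = { 0, 1, 2, 4 };

/* Pre-patch shape: proc is a signed int, so a wire value with the top bit
 * set becomes negative and still satisfies "proc < DEMO_NPROCS". */
static int signed_check_accepts(uint32_t wire_be)
{
	int proc = (int)ntohl(wire_be);
	return proc < DEMO_NPROCS;
}

/* Post-patch shape: proc is unsigned, so the same comparison is done in
 * unsigned arithmetic and the huge value is rejected. */
static int unsigned_check_accepts(uint32_t wire_be)
{
	uint32_t proc = ntohl(wire_be);
	return proc < DEMO_NPROCS;
}

/* Table lookup guarded by the unsigned check; returns -1 for a procedure
 * number outside the table instead of reading before the array. */
static int map_proc(uint32_t wire_be)
{
	uint32_t proc = ntohl(wire_be);
	if (proc < DEMO_NPROCS)
		return demo_procid[proc];
	return -1;
}

int main(void)
{
	/* Constructed sample procedure numbers, in network byte order. */
	uint32_t samples[] = { htonl(2), htonl(3), htonl(0x80000000u), htonl(0xffffffffu) };
	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
		printf("proc=0x%08x signed_ok=%d unsigned_ok=%d mapped=%d\n",
		    (unsigned)ntohl(samples[i]),
		    signed_check_accepts(samples[i]),
		    unsigned_check_accepts(samples[i]),
		    map_proc(samples[i]));
	return 0;
}
```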