Bug #1089

closed

SMTP: move depends on uninitialised value

Added by Jack Flemming almost 11 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Version: Pulled from GitHub today. Advertised version is "Suricata 2.0dev (rev a77b9b3)"
Issue: Valgrind warning in SMTP. Specifically when cmds_count == 0.

==10714== Conditional jump or move depends on uninitialised value(s)
==10714==    at 0x44EF38: SMTPProcessReply (app-layer-smtp.c:573)
==10714==    by 0x450B6B: SMTPParse (app-layer-smtp.c:727)
==10714==    by 0x450C2F: SMTPParseServerRecord (app-layer-smtp.c:754)
==10714==    by 0x44418A: AppLayerParserParse (app-layer-parser.c:778)
==10714==    by 0x415E96: AppLayerHandleTCPData (app-layer.c:323)
==10714==    by 0x5AB418: StreamTcpReassembleAppLayer (stream-tcp-reassemble.c:3027)
==10714==    by 0x4151EC: AppLayerHandleTCPData (app-layer.c:209)
==10714==    by 0x5AB418: StreamTcpReassembleAppLayer (stream-tcp-reassemble.c:3027)
==10714==    by 0x5ABCB7: StreamTcpReassembleHandleSegmentUpdateACK (stream-tcp-reassemble.c:3373)
==10714==    by 0x5ABD59: StreamTcpReassembleHandleSegment (stream-tcp-reassemble.c:3401)
==10714==    by 0x59BABF: StreamTcpPacketStateEstablished (stream-tcp.c:2211)
==10714==    by 0x5A1C77: StreamTcpPacket (stream-tcp.c:4242)

How to recreate:
1. Make an unoptimized build of HTP / Suricata
2. Run like so:
valgrind --leak-check=full --trace-children=yes ./src/suricata -c ./suricata.yaml -r <attached pcap> -k none --runmode single -l ./output/

Patch:
I've attached a patch but I don't understand why cmds_cnt = 0 in this case. As such, the patch is more of a reference than anything else.


Files

smtp_bug.pcap (4.3 KB), Jack Flemming, 01/26/2014 07:51 PM
smtp.patch (746 Bytes), Jack Flemming, 01/26/2014 07:57 PM