Project

General

Profile

Actions
Copy link

Bug #152

closed

Processing the attached pcap causes the engine to hang inside of DecodeIPV6ExtHdrs()

Added by Will Metcalf almost 14 years ago. Updated almost 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
0.9.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

src/suricata -r defcon_eth0.dump-fuzz-2010-05-09-19-48-04.slice2 -l lockup/ -c suricata.yaml

coz@coz-desktop:~$ gdb attach 28700
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/&gt;...
attach: No such file or directory.
Attaching to process 28700
Reading symbols from /home/coz/downloads/suricatafuzz2/src/.libs/lt-suricata...done.
Reading symbols from /home/coz/downloads/suricatafuzz2/libhtp/htp/.libs/libhtp-0.2.so.1...done.
Loaded symbols for /home/coz/downloads/suricatafuzz2/libhtp/htp/.libs/libhtp-0.2.so.1
Reading symbols from /usr/lib/libpcap.so.0.8...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.0.8
Reading symbols from /usr/local/lib/libpfring.so...done.
Loaded symbols for /usr/local/lib/libpfring.so
Reading symbols from /usr/lib/libnet.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnet.so.1
Reading symbols from /lib/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/libpthread-2.11.1.so...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7fe7fb7f6710 (LWP 28729)]
[New Thread 0x7fe7fbff7710 (LWP 28728)]
[New Thread 0x7fe7f3ff7710 (LWP 28727)]
[New Thread 0x7fe7fc7f8710 (LWP 28726)]
[New Thread 0x7fe7fcff9710 (LWP 28725)]
[New Thread 0x7fe7fd7fa710 (LWP 28724)]
[New Thread 0x7fe7fdffb710 (LWP 28723)]
[New Thread 0x7fe7fe7fc710 (LWP 28722)]
[New Thread 0x7fe7feffd710 (LWP 28721)]
[New Thread 0x7fe7ff7fe710 (LWP 28720)]
[New Thread 0x7fe7fffff710 (LWP 28719)]
[New Thread 0x7fe804b38710 (LWP 28718)]
[New Thread 0x7fe80533a710 (LWP 28717)]
[New Thread 0x7fe805b3b710 (LWP 28716)]
[New Thread 0x7fe80633c710 (LWP 28715)]
done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libyaml-0.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libyaml-0.so.2
Reading symbols from /lib/libpcre.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/libpcre.so.3
Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.11.1.so...done.
done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.11.1.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x00007fe8068ff35d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
82 ../sysdeps/unix/syscall-template.S: No such file or directory.
in ../sysdeps/unix/syscall-template.S
(gdb) info threads
16 Thread 0x7fe80633c710 (LWP 28715) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
15 Thread 0x7fe805b3b710 (LWP 28716) 0x0000000000415ee4 in DecodeIPV6ExtHdrs (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481de "3?\001", len=32, pq=0x18235c0) at decode-ipv6.c:342
14 Thread 0x7fe80533a710 (LWP 28717) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
13 Thread 0x7fe804b38710 (LWP 28718) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
12 Thread 0x7fe7fffff710 (LWP 28719) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
11 Thread 0x7fe7ff7fe710 (LWP 28720) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
10 Thread 0x7fe7feffd710 (LWP 28721) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
9 Thread 0x7fe7fe7fc710 (LWP 28722) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
8 Thread 0x7fe7fdffb710 (LWP 28723) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
7 Thread 0x7fe7fd7fa710 (LWP 28724) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
6 Thread 0x7fe7fcff9710 (LWP 28725) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
5 Thread 0x7fe7fc7f8710 (LWP 28726) pthread_cond_wait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
4 Thread 0x7fe7f3ff7710 (LWP 28727) 0x00007fe8068ff35d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
3 Thread 0x7fe7fbff7710 (LWP 28728) pthread_cond_timedwait@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:211
2 Thread 0x7fe7fb7f6710 (LWP 28729) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:211
  • 1 Thread 0x7fe807ca0700 (LWP 28700) 0x00007fe8068ff35d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
    (gdb) thread 15
    [Switching to thread 15 (Thread 0x7fe805b3b710 (LWP 28716))]#0 0x0000000000415ee4 in DecodeIPV6ExtHdrs (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481de "3?\001", len=32, pq=0x18235c0) at decode-ipv6.c:342
    342 DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_AH);
    (gdb) bt full
    #0 0x0000000000415ee4 in DecodeIPV6ExtHdrs (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481de "3?\001", len=32, pq=0x18235c0) at decode-ipv6.c:342
    orig_pkt = 0x13481de "3?\001"
    nh = 51 '3'
    hdrextlen = 0 '\000'
    plen = 32
    dstopts = 0 '\000'
    exthdr_fh_done = 0 '\000'
    #1 0x000000000041645e in DecodeIPV6 (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481b6 "`", len=72, pq=0x18235c0) at decode-ipv6.c:436
    ret = 0
    #2 0x0000000000411d5c in DecodeEthernet (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481a8 "3p\377\267\301", <incomplete sequence \336>, len=86, pq=0x18235c0) at decode-ethernet.c:57
    No locals.
    #3 0x0000000000410f11 in DecodePcapFile (tv=0x18234c0, p=0x1348130, data=0x1ae0680, pq=0x18235c0) at source-pcap-file.c:263
    dtv = 0x1ae0680
    #4 0x00000000004a51d4 in TmThreadsSlot1 (td=0x18234c0) at tm-threads.c:382
    tv = 0x18234c0
    s = 0x1823590
    p = 0x1348130
    run = 1 '\001'
    r = TM_ECODE_OK
    #5 0x00007fe80702b9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
    res = <value optimized out>
    pd = 0x7fe805b3b710
    unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140634504804112, -7520789658221823630, 0, 0, 0, 0, 7525729108479818098, 7525734477618985330}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
    cleanup = 0x0, canceltype = 0}}}
    not_first_call = <value optimized out>
    robust = <value optimized out>
    freesize = <value optimized out>
    __PRETTY_FUNCTION     = "start_thread"
    #6 0x00007fe80693b69d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
    No locals.
    #7 0x0000000000000000 in ?? ()
    No symbol table info available.

Files

defcon_eth0.dump-fuzz-2010-05-09-19-48-04.slice2 (613 KB) defcon_eth0.dump-fuzz-2010-05-09-19-48-04.slice2 fuzzed defcon pcap causes engine to hang Will Metcalf, 05/10/2010 08:59 AM
Actions
Copy link
 #1

Updated by Victor Julien almost 14 years ago

  • Assignee changed from OISF Dev to Victor Julien
Actions
Copy link
 #2

Updated by Victor Julien almost 14 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Fixed in master.

Actions
Copy link

Also available in: Atom PDF