Bug #1550: Segmentation Fault at detect-engine-content-inspection.c:438 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #1550

closed

Segmentation Fault at detect-engine-content-inspection.c:438

Added by Alessandro Guido over 9 years ago. Updated over 9 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

2.0.9

Affected Versions:

Effort:

Difficulty:

Label:

Description

Current master segfaults at detect-engine-content-inspection.c:438

DCERPCState *dcerpc_state = (DCERPCState *)data;
==>    flags |= ((dcerpc_state->dcerpc.dcerpchdr.packed_drep[0] & 0x10) ?
                DETECT_BYTEJUMP_LITTLE: 0);

Backtrace follows:

#0 0x000000000046d35f in DetectEngineContentInspection (de_ctx=de_ctx@entry=0x1d5b640,
det_ctx=det_ctx@entry=0x7ff63dd8a4b0, s=s@entry=0x10c7cb70, sm=0x10c7dca0, f=f@entry=0x7ff619e586e0,
buffer=buffer@entry=0x7ff14f303bf8 "", buffer_len=2886, stream_start_offset=0, inspection_mode=1 '\001', data=0x0)
at detect-engine-content-inspection.c:438
#1 0x000000000046d19e in DetectEngineContentInspection (de_ctx=de_ctx@entry=0x1d5b640,
det_ctx=det_ctx@entry=0x7ff63dd8a4b0, s=s@entry=0x10c7cb70, sm=0x10c7db90, f=f@entry=0x7ff619e586e0,
buffer=buffer@entry=0x7ff14f303bf8 "", buffer_len=2886, stream_start_offset=0, inspection_mode=1 '\001', data=0x0)
at detect-engine-content-inspection.c:332
#2 0x000000000046d19e in DetectEngineContentInspection (de_ctx=de_ctx@entry=0x1d5b640,
det_ctx=det_ctx@entry=0x7ff63dd8a4b0, s=s@entry=0x10c7cb70, sm=0x10c7d8e0, f=f@entry=0x7ff619e586e0,
buffer=buffer@entry=0x7ff14f303bf8 "", buffer_len=2886, stream_start_offset=0, inspection_mode=1 '\001', data=0x0)
at detect-engine-content-inspection.c:332
#3 0x000000000046d19e in DetectEngineContentInspection (de_ctx=de_ctx@entry=0x1d5b640,
det_ctx=det_ctx@entry=0x7ff63dd8a4b0, s=s@entry=0x10c7cb70, sm=0x10c7d630, f=f@entry=0x7ff619e586e0,
buffer=0x7ff14f303bf8 "", buffer_len=2886, stream_start_offset=0, inspection_mode=1 '\001', data=0x0)
at detect-engine-content-inspection.c:332
#4 0x000000000047ba66 in DetectEngineInspectStreamPayload (de_ctx=de_ctx@entry=0x1d5b640,
det_ctx=det_ctx@entry=0x7ff63dd8a4b0, s=s@entry=0x10c7cb70, f=f@entry=0x7ff619e586e0, payload=<optimized out>,
payload_len=<optimized out>) at detect-engine-payload.c:114
#5 0x000000000044e984 in SigMatchSignatures (th_v=th_v@entry=0x20ac07d0, de_ctx=0x1d5b640,
det_ctx=det_ctx@entry=0x7ff63dd8a4b0, p=p@entry=0x7ff63dcff5e0) at detect.c:1654
#6 0x000000000044f0d0 in Detect (tv=0x20ac07d0, p=0x7ff63dcff5e0, data=<optimized out>, pq=<optimized out>,
postpq=<optimized out>) at detect.c:2024
#7 0x00000000005309b6 in TmThreadsSlotVarRun (tv=tv@entry=0x20ac07d0, p=p@entry=0x7ff63dcff5e0,
slot=slot@entry=0x20ac0a20) at tm-threads.c:132
#8 0x000000000050a555 in TmThreadsSlotProcessPkt (p=0x7ff63dcff5e0, s=0x20ac0a20, tv=0x20ac07d0) at tm-threads.h:147
#9 AFPReadFromRing (ptv=ptv@entry=0x7ff653fffe90) at source-af-packet.c:874
#10 0x000000000050cd83 in ReceiveAFPLoop (tv=0x20ac07d0, data=0x7ff653fffe90, slot=<optimized out>)
at source-af-packet.c:1214

Files

Download all files

0001-Segfault-fix.patch (944 Bytes) 0001-Segfault-fix.patch	check data != NULL	Alessandro Guido, 09/16/2015 10:54 AM
evil.pcap (278 Bytes) evil.pcap		Alessandro Guido, 09/17/2015 03:55 AM
evil.rules (488 Bytes) evil.rules		Alessandro Guido, 09/17/2015 03:55 AM
evil.yaml (3.81 KB) evil.yaml		Alessandro Guido, 09/17/2015 04:00 AM