Bug #1555

closed

Suricata core dumps on OpenBSD 5.7 in decode.c:229

Added by Anonymous over 8 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

uname -a
OpenBSD fw 5.7 GENERIC.MP#767 i386

suricata -V
This is Suricata version 2.1dev (rev 4a73802)

gdb suricata suricata.core
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd5.7"...
Core was generated by `suricata'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpthread.so.18.1...done.
Loaded symbols for /usr/lib/libpthread.so.18.1
Loaded symbols for /usr/local/bin/suricata
Reading symbols from /usr/local/lib/libhtp.so.1.0...done.
Loaded symbols for /usr/local/lib/libhtp.so.1.0
Reading symbols from /usr/local/lib/libGeoIP.so.9.0...done.
Loaded symbols for /usr/local/lib/libGeoIP.so.9.0
Reading symbols from /usr/local/lib/libmagic.so.4.2...done.
Loaded symbols for /usr/local/lib/libmagic.so.4.2
Reading symbols from /usr/lib/libz.so.5.0...done.
Loaded symbols for /usr/lib/libz.so.5.0
Reading symbols from /usr/local/lib/libiconv.so.6.0...done.
Loaded symbols for /usr/local/lib/libiconv.so.6.0
Reading symbols from /usr/lib/libpcap.so.8.0...done.
Loaded symbols for /usr/lib/libpcap.so.8.0
Reading symbols from /usr/local/lib/libnet.so.11.0...done.
Loaded symbols for /usr/local/lib/libnet.so.11.0
Reading symbols from /usr/local/lib/libjansson.so.1.0...done.
Loaded symbols for /usr/local/lib/libjansson.so.1.0
Symbols already loaded for /usr/lib/libpthread.so.18.1
Reading symbols from /usr/local/lib/libyaml.so.0.0...done.
Loaded symbols for /usr/local/lib/libyaml.so.0.0
Reading symbols from /usr/local/lib/libpcre.so.3.0...done.
Loaded symbols for /usr/local/lib/libpcre.so.3.0
Reading symbols from /usr/local/lib/libplds4.so.23.1...done.
Loaded symbols for /usr/local/lib/libplds4.so.23.1
Reading symbols from /usr/local/lib/libplc4.so.23.1...done.
Loaded symbols for /usr/local/lib/libplc4.so.23.1
Reading symbols from /usr/local/lib/libnspr4.so.23.1...done.
Loaded symbols for /usr/local/lib/libnspr4.so.23.1
Reading symbols from /usr/lib/libc.so.78.1...done.
Loaded symbols for /usr/lib/libc.so.78.1
Reading symbols from /usr/libexec/ld.so...done.
Loaded symbols for /usr/libexec/ld.so
#0  memcpy (dst0=0x7b376a08, src0=0x7b97336f, length=0)
    at /usr/src/lib/libc/string/memcpy.c:88
88                      TLOOP1(*dst++ = *src++);
(gdb) print dst
$1 = 0x7b43d699 "" 
(gdb) print src
$2 = 0x7ba3a000 <Address 0x7ba3a000 out of bounds>
(gdb) where
#0  memcpy (dst0=0x7b376a08, src0=0x7b97336f, length=0)
    at /usr/src/lib/libc/string/memcpy.c:88
#1  0x1ac0ea3a in PacketCopyData (p=0x7b376550, pktdata=0x7b97336f "", pktlen=-83919010)
    at decode.c:229
#2  0x1ad292de in PcapCallbackLoop (user=0x833c7500 "", h=0x7b96c7f0, pkt=0x7b97336f "")
    at source-pcap.c:253
#3  0x0190928d in pcap_read (p=0x8b64ae00, cnt=64, callback=0x1ad29220 <PcapCallbackLoop>, 
    user=0x833c7500 "") at /usr/src/lib/libpcap/pcap-bpf.c:188
#4  0x01907b9d in pcap_dispatch (p=0x8b64ae00, cnt=64, 
    callback=0x1ad29220 <PcapCallbackLoop>, user=0x833c7500 "")
    at /usr/src/lib/libpcap/pcap.c:59
#5  0x1ad29702 in ReceivePcapLoop (tv=0x7ad63f80, data=0x833c7500, slot=0x7fde6a00)
    at source-pcap.c:316
#6  0x1ad51f73 in TmThreadsSlotPktAcqLoop (td=0x7ad63f80) at tm-threads.c:336
#7  0x0f00580e in _rthread_start (v=0x7ad19e00) at /usr/src/lib/librthread/rthread.c:145
#8  0x0d2c2b06 in __tfork_thread () at /usr/src/lib/libc/arch/i386/sys/tfork_thread.S:95
(gdb) up
#1  0x1ac0ea3a in PacketCopyData (p=0x7b376550, pktdata=0x7b97336f "", pktlen=-83919010)
    at decode.c:229
229             memcpy(p->ext_pkt + offset, data, datalen);
(gdb) print *p
$3 = {src = {family = 0 '\0', address = {address_un_data32 = {0, 0, 0, 0}, 
      address_un_data16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
      address_un_data8 = '\0' <repeats 15 times>}}, dst = {family = 0 '\0', address = {
      address_un_data32 = {0, 0, 0, 0}, address_un_data16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
      address_un_data8 = '\0' <repeats 15 times>}}, {sp = 0, type = 0 '\0'}, {dp = 0, 
    code = 0 '\0'}, proto = 0 '\0', recursion_level = 0 '\0', vlan_id = {0, 0}, 
  vlan_idx = 0 '\0', flowflags = 0 '\0', flags = 0, flow = 0x0, ts = {tv_sec = 528, 
    tv_usec = 65554}, {pcap_v = {tenant_id = 0}}, 
  ReleasePacket = 0x1ad4b070 <PacketPoolReturnPacket>, pktvar = 0x0, ethh = 0x0, 
  level3_comp_csum = -1, level4_comp_csum = -1, ip4h = 0x0, ip6h = 0x0, {ip4vars = {
      comp_csum = 0, ip_src_u32 = 0, ip_dst_u32 = 0, ip_opts = {{type = 0 '\0', 
          len = 0 '\0', data = 0x7b376a2c ""}, {type = 0 '\0', len = 0 '\0', 
          data = 0x0} <repeats 39 times>}, ip_opt_cnt = 0 '\0', o_rr = 0x0, o_qs = 0x0, 
      o_ts = 0x0, o_sec = 0x0, o_lsrr = 0x0, o_cipso = 0x0, o_sid = 0x0, o_ssrr = 0x0, 
      o_rtralt = 0x0}, {ip6vars = {ip_opts_len = 0 '\0', l4proto = 0 '\0'}, ip6eh = {
        ip6fh = 0x0, fh_offset = 0, ip6rh = 0x0, ip6ah = 0x7b376a2c, ip6eh = 0x0, 
        ip6dh1 = 0x0, ip6dh2 = 0x0, ip6hh = 0x0, ip6hh_opt_hao = {ip6hao_type = 0 '\0', 
          ip6hao_len = 0 '\0', ip6hao_hoa = {__u6_addr = {
              __u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
                0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6hh_opt_ra = {ip6ra_type = 0 '\0', 
          ip6ra_len = 0 '\0', ip6ra_value = 0}, ip6hh_opt_jumbo = {ip6j_type = 0 '\0', 
          ip6j_len = 0 '\0', ip6j_payload_len = 0}, ip6dh1_opt_hao = {
          ip6hao_type = 0 '\0', ip6hao_len = 0 '\0', ip6hao_hoa = {__u6_addr = {
              __u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
                0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6dh1_opt_ra = {ip6ra_type = 0 '\0', 
          ip6ra_len = 0 '\0', ip6ra_value = 0}, ip6dh1_opt_jumbo = {ip6j_type = 0 '\0', 
          ip6j_len = 0 '\0', ip6j_payload_len = 0}, ip6dh2_opt_hao = {
          ip6hao_type = 0 '\0', ip6hao_len = 0 '\0', ip6hao_hoa = {__u6_addr = {
              __u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
                0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6dh2_opt_ra = {ip6ra_type = 0 '\0', 
          ip6ra_len = 0 '\0', ip6ra_value = 0}, ip6dh2_opt_jumbo = {ip6j_type = 0 '\0', 
          ip6j_len = 0 '\0', ip6j_payload_len = 0}, ip6_exthdrs = {{type = 0 '\0', 
            next = 0 '\0', len = 0 '\0', data = 0x0} <repeats 40 times>}, 
        ip6_exthdrs_cnt = 0 '\0'}}}, {tcpvars = {tcp_opt_cnt = 0 '\0', tcp_opts = {{
          type = 8 '\b', len = 10 '\n', data = 0x7b376a42 ""}, {type = 4 '\004', 
          len = 2 '\002', data = 0x7b376a44 ""}, {type = 8 '\b', len = 10 '\n', 
          data = 0x7b376a46 ""}, {type = 3 '\003', len = 3 '\003', data = 0x7b376a51 ""}, {
          type = 0 '\0', len = 0 '\0', data = 0x0} <repeats 16 times>}, ts = 0x0, 
      sack = 0x0, sackok = 0x0, ws = 0x0, mss = 0x0}, udpvars = {<No data fields>}, 
    icmpv4vars = {id = 0, seq = 0, mtu = 2568, error_ptr = 2067229250, emb_ipv4h = 0x204, 
      emb_tcph = 0x7b376a44, emb_udph = 0xa08, emb_icmpv4h = 0x7b376a46, emb_ip4_src = {
        s_addr = 771}, emb_ip4_dst = {s_addr = 2067229265}, emb_ip4_hlen = 0 '\0', 
      emb_ip4_proto = 0 '\0', emb_sport = 0, emb_dport = 0}, icmpv6vars = {id = 0, 
      seq = 0, mtu = 2568, error_ptr = 2067229250, emb_ipv6h = 0x204, 
      emb_tcph = 0x7b376a44, emb_udph = 0xa08, emb_icmpv6h = 0x7b376a46, emb_ip6_src = {
        771, 2067229265, 0, 0}, emb_ip6_dst = {0, 0, 0, 0}, emb_ip6_proto_next = 0 '\0', 
      emb_sport = 0, emb_dport = 0}}, tcph = 0x0, udph = 0x0, sctph = 0x0, icmpv4h = 0x0, 
  icmpv6h = 0x0, ppph = 0x0, pppoesh = 0x0, pppoedh = 0x0, greh = 0x0, vlanh = {0x0, 0x0}, 
  payload = 0x0, payload_len = 0, action = 0 '\0', pkt_src = 1 '\001', 
  pktlen = 4211048286, ext_pkt = 0x0, livedev = 0x8398bd80, alerts = {cnt = 0, alerts = {{
        num = 17151, action = 1 '\001', flags = 0 '\0', s = 0x8307d000, tx_id = 0}, {
        num = 17151, action = 1 '\001', flags = 0 '\0', s = 0x8307d000, tx_id = 0}, {
        num = 0, action = 0 '\0', flags = 0 '\0', s = 0x0, tx_id = 0} <repeats 13 times>}, 
    drop = {num = 0, action = 0 '\0', flags = 0 '\0', s = 0x0, tx_id = 0}}, 
  host_src = 0x0, host_dst = 0x0, pcap_cnt = 0, events = {cnt = 0 '\0', 
    events = "\210w", '\0' <repeats 12 times>}, app_layer_events = 0x0, next = 0x0, 
  prev = 0x0, datalink = 1, debuglog_flowbits_names_len = 0, 
  debuglog_flowbits_names = 0x0, root = 0x0, tunnel_mutex = 0x877d14c0, 
  tunnel_rtv_cnt = 0, tunnel_tpr_cnt = 0, tenant_id = 0, pool = 0x7acd8600}
(gdb) print pktlen
$4 = -83919010
(gdb) print pktdata
$5 = (uint8_t *) 0x7b97336f "" 
(gdb) print *pktdata
$6 = 0 '\0'
(gdb) up
#2  0x1ad292de in PcapCallbackLoop (user=0x833c7500 "", h=0x7b96c7f0, pkt=0x7b97336f "")
    at source-pcap.c:253
253         if (unlikely(PacketCopyData(p, pkt, h->caplen))) {
(gdb) print *p
$7 = {src = {family = 0 '\0', address = {address_un_data32 = {0, 0, 0, 0}, 
      address_un_data16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
      address_un_data8 = '\0' <repeats 15 times>}}, dst = {family = 0 '\0', address = {
      address_un_data32 = {0, 0, 0, 0}, address_un_data16 = {0, 0, 0, 0, 0, 0, 0, 0}, 
      address_un_data8 = '\0' <repeats 15 times>}}, {sp = 0, type = 0 '\0'}, {dp = 0, 
    code = 0 '\0'}, proto = 0 '\0', recursion_level = 0 '\0', vlan_id = {0, 0}, 
  vlan_idx = 0 '\0', flowflags = 0 '\0', flags = 0, flow = 0x0, ts = {tv_sec = 528, 
    tv_usec = 65554}, {pcap_v = {tenant_id = 0}}, 
  ReleasePacket = 0x1ad4b070 <PacketPoolReturnPacket>, pktvar = 0x0, ethh = 0x0, 
  level3_comp_csum = -1, level4_comp_csum = -1, ip4h = 0x0, ip6h = 0x0, {ip4vars = {
      comp_csum = 0, ip_src_u32 = 0, ip_dst_u32 = 0, ip_opts = {{type = 0 '\0', 
          len = 0 '\0', data = 0x7b376a2c ""}, {type = 0 '\0', len = 0 '\0', 
          data = 0x0} <repeats 39 times>}, ip_opt_cnt = 0 '\0', o_rr = 0x0, o_qs = 0x0, 
      o_ts = 0x0, o_sec = 0x0, o_lsrr = 0x0, o_cipso = 0x0, o_sid = 0x0, o_ssrr = 0x0, 
      o_rtralt = 0x0}, {ip6vars = {ip_opts_len = 0 '\0', l4proto = 0 '\0'}, ip6eh = {
        ip6fh = 0x0, fh_offset = 0, ip6rh = 0x0, ip6ah = 0x7b376a2c, ip6eh = 0x0, 
        ip6dh1 = 0x0, ip6dh2 = 0x0, ip6hh = 0x0, ip6hh_opt_hao = {ip6hao_type = 0 '\0', 
          ip6hao_len = 0 '\0', ip6hao_hoa = {__u6_addr = {
              __u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
                0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6hh_opt_ra = {ip6ra_type = 0 '\0', 
          ip6ra_len = 0 '\0', ip6ra_value = 0}, ip6hh_opt_jumbo = {ip6j_type = 0 '\0', 
          ip6j_len = 0 '\0', ip6j_payload_len = 0}, ip6dh1_opt_hao = {
          ip6hao_type = 0 '\0', ip6hao_len = 0 '\0', ip6hao_hoa = {__u6_addr = {
              __u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
                0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6dh1_opt_ra = {ip6ra_type = 0 '\0', 
          ip6ra_len = 0 '\0', ip6ra_value = 0}, ip6dh1_opt_jumbo = {ip6j_type = 0 '\0', 
          ip6j_len = 0 '\0', ip6j_payload_len = 0}, ip6dh2_opt_hao = {
          ip6hao_type = 0 '\0', ip6hao_len = 0 '\0', ip6hao_hoa = {__u6_addr = {
              __u6_addr8 = '\0' <repeats 15 times>, __u6_addr16 = {0, 0, 0, 0, 0, 0, 0, 
                0}, __u6_addr32 = {0, 0, 0, 0}}}}, ip6dh2_opt_ra = {ip6ra_type = 0 '\0', 
          ip6ra_len = 0 '\0', ip6ra_value = 0}, ip6dh2_opt_jumbo = {ip6j_type = 0 '\0', 
          ip6j_len = 0 '\0', ip6j_payload_len = 0}, ip6_exthdrs = {{type = 0 '\0', 
            next = 0 '\0', len = 0 '\0', data = 0x0} <repeats 40 times>}, 
        ip6_exthdrs_cnt = 0 '\0'}}}, {tcpvars = {tcp_opt_cnt = 0 '\0', tcp_opts = {{
          type = 8 '\b', len = 10 '\n', data = 0x7b376a42 ""}, {type = 4 '\004', 
          len = 2 '\002', data = 0x7b376a44 ""}, {type = 8 '\b', len = 10 '\n', 
          data = 0x7b376a46 ""}, {type = 3 '\003', len = 3 '\003', data = 0x7b376a51 ""}, {
          type = 0 '\0', len = 0 '\0', data = 0x0} <repeats 16 times>}, ts = 0x0, 
      sack = 0x0, sackok = 0x0, ws = 0x0, mss = 0x0}, udpvars = {<No data fields>}, 
    icmpv4vars = {id = 0, seq = 0, mtu = 2568, error_ptr = 2067229250, emb_ipv4h = 0x204, 
      emb_tcph = 0x7b376a44, emb_udph = 0xa08, emb_icmpv4h = 0x7b376a46, emb_ip4_src = {
        s_addr = 771}, emb_ip4_dst = {s_addr = 2067229265}, emb_ip4_hlen = 0 '\0', 
      emb_ip4_proto = 0 '\0', emb_sport = 0, emb_dport = 0}, icmpv6vars = {id = 0, 
      seq = 0, mtu = 2568, error_ptr = 2067229250, emb_ipv6h = 0x204, 
      emb_tcph = 0x7b376a44, emb_udph = 0xa08, emb_icmpv6h = 0x7b376a46, emb_ip6_src = {
        771, 2067229265, 0, 0}, emb_ip6_dst = {0, 0, 0, 0}, emb_ip6_proto_next = 0 '\0', 
      emb_sport = 0, emb_dport = 0}}, tcph = 0x0, udph = 0x0, sctph = 0x0, icmpv4h = 0x0, 
  icmpv6h = 0x0, ppph = 0x0, pppoesh = 0x0, pppoedh = 0x0, greh = 0x0, vlanh = {0x0, 0x0}, 
  payload = 0x0, payload_len = 0, action = 0 '\0', pkt_src = 1 '\001', 
  pktlen = 4211048286, ext_pkt = 0x0, livedev = 0x8398bd80, alerts = {cnt = 0, alerts = {{
        num = 17151, action = 1 '\001', flags = 0 '\0', s = 0x8307d000, tx_id = 0}, {
        num = 17151, action = 1 '\001', flags = 0 '\0', s = 0x8307d000, tx_id = 0}, {
        num = 0, action = 0 '\0', flags = 0 '\0', s = 0x0, tx_id = 0} <repeats 13 times>}, 
    drop = {num = 0, action = 0 '\0', flags = 0 '\0', s = 0x0, tx_id = 0}}, 
  host_src = 0x0, host_dst = 0x0, pcap_cnt = 0, events = {cnt = 0 '\0', 
    events = "\210w", '\0' <repeats 12 times>}, app_layer_events = 0x0, next = 0x0, 
  prev = 0x0, datalink = 1, debuglog_flowbits_names_len = 0, 
  debuglog_flowbits_names = 0x0, root = 0x0, tunnel_mutex = 0x877d14c0, 
  tunnel_rtv_cnt = 0, tunnel_tpr_cnt = 0, tenant_id = 0, pool = 0x7acd8600}
(gdb) up
#3  0x0190928d in pcap_read (p=0x8b64ae00, cnt=64, callback=0x1ad29220 <PcapCallbackLoop>, 
    user=0x833c7500 "") at /usr/src/lib/libpcap/pcap-bpf.c:188
188                     (*callback)(user, (struct pcap_pkthdr*)bp, bp + hdrlen);
(gdb) print *bp
$8 = 16 '\020'
(gdb) 
(gdb) print hdrlen
$9 = 27519
(gdb) print user
$10 = (u_char *) 0x833c7500 "" 
(gdb) print *user
$11 = 0 '\0'
(gdb) up
#4  0x01907b9d in pcap_dispatch (p=0x8b64ae00, cnt=64, 
    callback=0x1ad29220 <PcapCallbackLoop>, user=0x833c7500 "")
    at /usr/src/lib/libpcap/pcap.c:59
59              return (pcap_read(p, cnt, callback, user));
(gdb) print *p
$12 = {fd = 9, snapshot = 1516, linktype = 1, tzoff = 0, offset = 0, activated = 1, 
  oldstyle = 0, break_loop = 0, sf = {rfile = 0x0, swapped = 0, version_major = 0, 
    version_minor = 0, base = 0x0}, md = {stat = {ps_recv = 0, ps_drop = 0, 
      ps_ifdrop = 0}, use_bpf = 0, TotPkts = 0, TotAccepted = 0, TotDrops = 0, 
    TotMissed = 0, OrigMissed = 0, timeout = 500, must_do_on_close = 0, next = 0x0}, 
  opt = {buffer_size = 0, source = 0x7be25610 "em0", promisc = 1, rfmon = 0}, 
  bufsize = 32768, buffer = 0x7b966000 "+{?Usk\b", bp = 0x7b96b384 "\004\016", cc = 0, 
  pkt = 0x0, fcode = {bf_len = 0, bf_insns = 0x0}, dlt_count = 1, dlt_list = 0x80f150e0, 
  errbuf = '\0' <repeats 255 times>, pcap_header = {ts = {tv_sec = 0, tv_usec = 0}, 
    caplen = 0, len = 0}}
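The trace above shows PacketCopyData receiving a caplen that memcpy cannot satisfy. As an added example (not Suricata's or libpcap's code), here is a copy routine with the header sanity checks a capture path needs, replayed against the caplen and snapshot length from this core; EXAMPLE_MAX_PAYLOAD, the struct names, the wire length 60 and the frame contents are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not Suricata or libpcap code. Models the copy at decode.c:229
 * with the checks the trace shows were missing: caplen is a uint32_t, so the
 * -83919010 gdb printed for the int parameter pktlen is the same bit pattern
 * as the 4211048286 in p->pktlen, and memcpy received it as a huge size_t. */
#define EXAMPLE_MAX_PAYLOAD 1536        /* assumed packet buffer size */
struct example_pkthdr {                 /* stand-in for struct pcap_pkthdr */
    uint32_t caplen;                    /* bytes captured */
    uint32_t len;                       /* bytes on the wire */
};

struct example_packet {
    uint8_t  pkt[EXAMPLE_MAX_PAYLOAD];
    uint32_t pktlen;
};

/* Returns 0 after copying, -1 when the header cannot be trusted. snaplen is
 * the capture handle's snapshot length (1516 in the core dump above). */
int copy_packet_checked(struct example_packet *p, size_t offset,
                        const struct example_pkthdr *h, const uint8_t *data,
                        uint32_t snaplen)
{
    if (p == NULL || h == NULL || data == NULL)
        return -1;
    /* caplen can never exceed the wire length or the snapshot length */
    if (h->caplen > h->len || h->caplen > snaplen)
        return -1;
    /* destination guard written so that offset + caplen cannot wrap */
    if (offset > sizeof(p->pkt) || h->caplen > sizeof(p->pkt) - offset)
        return -1;
    memcpy(p->pkt + offset, data, h->caplen);
    p->pktlen = (uint32_t)(offset + h->caplen);
    return 0;
}

/* Replays the caplen from the core dump next to a sane header; the wire
 * length 60 and the zeroed frame are constructed for the example. */
int example_bad_caplen_rejected(void)
{
    static const uint8_t frame[64] = { 0 };
    struct example_packet p = { { 0 }, 0 };
    struct example_pkthdr bad  = { 4211048286u, 60 };
    struct example_pkthdr good = { 60, 60 };
    int rejected = copy_packet_checked(&p, 0, &bad, frame, 1516) == -1;
    int accepted = copy_packet_checked(&p, 0, &good, frame, 1516) == 0;
    return rejected && accepted && p.pktlen == 60;
}
```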
