https://redmine.openinfosecfoundation.org/
2009-12-17T19:37:00Z
Open Information Security Foundation
Suricata - Bug #17: Segv inside of chunked http response body parsing
https://redmine.openinfosecfoundation.org/issues/17?journal_id=38
2009-12-17T19:37:00Z
Will Metcalf
william.metcalf@gmail.com
<p>Looks like it's more than just chunked encoded response bodies..</p>
<p>Core was generated by `src/eidps -r /home/coz/downloads/dc17ctf.pcap -s current-all-blah.rules -l ./ -'.<br />
Program terminated with signal 11, Segmentation fault.<br />
#0 0x00007f42c5ec10c3 in htp_connp_RES_BODY_DETERMINE () from /usr/lib/libhtp-0.1.so.1<br />
(gdb) bt full<br />
#0 0x00007f42c5ec10c3 in htp_connp_RES_BODY_DETERMINE () from /usr/lib/libhtp-0.1.so.1<br />
No symbol table info available.<br />
#1 0x00007f42c5ec0701 in htp_connp_res_data () from /usr/lib/libhtp-0.1.so.1<br />
No symbol table info available.<br />
#2 0x00000000004afcf0 in HTPHandleResponseData (htp_state=0xf787f98, pstate=<value optimized out>, input=0xa <Address 0xa out of bounds>, input_len=3283650012, output=0x3) at app-layer-htp.c:136<br />
 tv = {tv_sec = 1261091422, tv_usec = 528521}<br />
 __FUNCTION__ = "HTPHandleResponseData"<br />
#3 0x00000000004a4b94 in AppLayerDoParse (app_layer_state=0xab21390, parser_state=0x42e3720, input=0x7f42bccfff50 "\004", input_len=3283650012, parser_idx=3, proto=53) at app-layer-parser.c:584<br />
 retval = <value optimized out><br />
 result = {head = 0x0, tail = 0x0, cnt = 0}<br />
 r = <value optimized out><br />
 __PRETTY_FUNCTION__ = "AppLayerDoParse"<br />
 e = <value optimized out><br />
#4 0x00000000004a4db0 in AppLayerParse (f=0x29d82b0, proto=<value optimized out>, flags=<value optimized out>, <br />
 input=0x7f42bcd4dcfc "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\nContent-Length: 345\r\nDate: Fri, 31 Jul 2009 19:22:59 GMT\r\nServer: lighttpd/1.4.22\r\n\r\n<?xml version=\"1.0\" encoding=\"iso-8859-1\"?>\n<!DOCTYPE html PUBLIC "..., input_len=3283650012, need_lock=0 '\000') at app-layer-parser.c:732<br />
 parser_idx = 3<br />
 p = 0x35<br />
 ssn = 0x7f42bccfff50<br />
 parser_state_store = 0x4<br />
 parser_state = 0x42e3720<br />
 app_layer_state = <value optimized out><br />
 r = <value optimized out><br />
 __FUNCTION__ = "AppLayerParse"<br />
#5 0x00000000004a2da0 in AppLayerHandleMsg (smsg=0x7f42bcd4dcc0, need_lock=0 '\000') at app-layer-detect-proto.c:335<br />
 alproto = 3<br />
 r = <value optimized out><br />
 ssn = 0x7f42bccfff50<br />
#6 0x00000000004957d4 in StreamTcpReassembleProcessAppLayer (ra_ctx=0x4713ba0) at stream-tcp-reassemble.c:1232<br />
 smsg = 0x159<br />
 r = 0<br />
#7 0x00000000004916a6 in StreamTcpPacket (tv=<value optimized out>, p=0x294fc10, stt=0x4743420) at stream-tcp.c:1941<br />
 ssn = 0x7f42bccfff50<br />
#8 0x00000000004927d9 in StreamTcp (tv=0x4e5a700, p=0x294fc10, data=0x4743420, pq=<value optimized out>) at stream-tcp.c:1959<br />
No locals.<br />
#9 0x0000000000488ef6 in TmThreadsSlot1 (td=<value optimized out>) at tm-threads.c:325<br />
 tv = 0x4e5a700<br />
 s = 0x1bda3510<br />
 p = 0x294fc10<br />
 r = <value optimized out><br />
#10 0x00007f42c5652a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300<br />
 __res = <value optimized out><br />
 pd = 0x7f42c3b89910<br />
 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139924728224016, 6684411947758230167, 140735894925008, 0, 0, 3, -6753629016401274217, -6753631931334288745}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {<br />
 prev = 0x0, cleanup = 0x0, canceltype = 0}}}<br />
 not_first_call = <value optimized out><br />
 robust = <value optimized out><br />
#11 0x00007f42c4f6d7bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112<br />
No locals.<br />
#12 0x0000000000000000 in ?? ()<br />
No symbol table info available.</p>
Suricata - Bug #17: Segv inside of chunked http response body parsing
https://redmine.openinfosecfoundation.org/issues/17?journal_id=40
2009-12-18T22:08:31Z
Gurvinder Singh
gurvindersinghdahiya@gmail.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li><li><strong>Assignee</strong> changed from <i>OISF Dev</i> to <i>Gurvinder Singh</i></li></ul><p>There is no segv anymore after running with the given pcap, and the unit test has been modified a bit for the content length in the response body.</p>
Suricata - Bug #17: Segv inside of chunked http response body parsing
https://redmine.openinfosecfoundation.org/issues/17?journal_id=73
2009-12-30T07:39:49Z
Victor Julien
victor@inliniac.net
<p>Is this confirmed fixed for everyone?</p>
Suricata - Bug #17: Segv inside of chunked http response body parsing
https://redmine.openinfosecfoundation.org/issues/17?journal_id=74
2009-12-30T07:41:17Z
Will Metcalf
william.metcalf@gmail.com
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>Closed</i></li></ul><p>Yes, fixed; setting to closed.</p>