Actions
Bug #2275
closedConfGetInt in conf.c: NULL-pointer dereference
Affected Versions:
Effort:
Difficulty:
Label:
Description
If there are empty values in the config-file where integer values are expected, strtoimax in the ConfGetInt-function will segfault because of NULL-pointer dereference.
Here is a configuration example:
pcre.match-limit: []
This will let suricata crash with a segfault.
ASAN-output:
ASAN:DEADLYSIGNAL ================================================================= ==16951==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fa690e3ccc5 bp 0x000000000000 sp 0x7ffd0d770ad0 T0) #0 0x7fa690e3ccc4 (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4) #1 0x7fa6946a6534 in strtoimax (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x44534) #2 0x55e0aeba6499 in ConfGetInt /root/suricata-1/src/conf.c:390 #3 0x55e0aed2545d in DetectPcreRegister /root/suricata-1/src/detect-pcre.c:99 #4 0x55e0aec1b4ce in SigTableSetup /root/suricata-1/src/detect.c:3783 #5 0x55e0aeeed58d in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2690 #6 0x55e0aeeee4f2 in main /root/suricata-1/src/suricata.c:2892 #7 0x7fa690e262b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) #8 0x55e0aea92d39 in _start (/usr/local/bin/suricata+0xc7d39) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)
Updated by Victor Julien about 7 years ago
- Description updated (diff)
- Status changed from New to Closed
- Target version set to 4.0.2/4.0.3
Actions