Project

General

Profile

Actions

Bug #2275

closed

ConfGetInt in conf.c: NULL-pointer dereference

Added by Wolfgang Hotwagner about 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

If there are empty values in the config-file where integer values are expected, strtoimax in the ConfGetInt-function will segfault because of NULL-pointer dereference.

Here is a configuration example:

pcre.match-limit: []

This will let suricata crash with a segfault.
ASAN-output:

ASAN:DEADLYSIGNAL
=================================================================
==16951==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fa690e3ccc5 bp 0x000000000000 sp 0x7ffd0d770ad0 T0)
    #0 0x7fa690e3ccc4  (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)
    #1 0x7fa6946a6534 in strtoimax (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x44534)
    #2 0x55e0aeba6499 in ConfGetInt /root/suricata-1/src/conf.c:390
    #3 0x55e0aed2545d in DetectPcreRegister /root/suricata-1/src/detect-pcre.c:99
    #4 0x55e0aec1b4ce in SigTableSetup /root/suricata-1/src/detect.c:3783
    #5 0x55e0aeeed58d in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2690
    #6 0x55e0aeeee4f2 in main /root/suricata-1/src/suricata.c:2892
    #7 0x7fa690e262b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #8 0x55e0aea92d39 in _start (/usr/local/bin/suricata+0xc7d39)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)
Actions #1

Updated by Victor Julien almost 7 years ago

  • Description updated (diff)
  • Status changed from New to Closed
  • Target version set to 4.0.2/4.0.3
Actions

Also available in: Atom PDF