Project

General

Profile

Actions

Bug #2276

closed

conf: NULL-pointer dereference in CoredumpLoadConfig

Added by Wolfgang Hotwagner over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

An empty value for coredump.max-dump in the config-file leads to a segfault because of a NULL-pointer dereference in CoredumpLoadConfig().

Here is a configuration example:

coredump.max-dump: []

This will let suricata crash with a segfault.

ASAN-output:

==9412==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f22e851aa28 bp 0x7ffd90006fc0 sp 0x7ffd90006740 T0)
    #0 0x7f22e851aa27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27)
    #1 0x5608a7ec0108 in CoredumpLoadConfig /root/suricata-1/src/util-coredump-config.c:52
    #2 0x5608a7e8bb22 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2752
    #3 0x5608a7e8c577 in main /root/suricata-1/src/suricata.c:2892
    #4 0x7f22e4c622b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #5 0x5608a7a30c59 in _start (/usr/local/bin/suricata+0xc4c59)

Actions #1

Updated by Victor Julien over 6 years ago

  • Description updated (diff)
  • Status changed from New to Closed
  • Target version set to 4.0.2/4.0.3
Actions

Also available in: Atom PDF