Project

General

Profile

Actions

Bug #2354

closed

conf: multiple NULL-pointer dereferences in StreamTcpInitConfig

Added by Wolfgang Hotwagner over 6 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

There are multiple NULL-pointer derefs in StreamTCPInitConfig. All of them happen because ConfGet returns 1 even if the value is NULL. Here is an example ASAN-output:

28618ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f1fd17b57cc bp 0x7fff4c714cb0 sp 0x7fff4c714430 T0)
#0 0x7f1fd17b57cb (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x447cb)
#1 0x55f3dcddb628 in StreamTcpInitConfig /root/suricata-1/src/stream-tcp.c:416
#2 0x55f3dce30cf3 in PreRunInit /root/suricata-1/src/suricata.c:2250
#3 0x55f3dce33f7d in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2748
#4 0x55f3dce3498b in main /root/suricata-1/src/suricata.c:2884
#5 0x7f1fcdf0a2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#6 0x55f3dc9d5279 in _start (/usr/local/bin/suricata+0xc5279)
Actions

Also available in: Atom PDF