Project

General

Profile

Actions

Bug #2615

closed

processing of nonexistent pcap

Added by Peter Manev about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

If a nonexistent pcap is passed to Suricata - it seems it is not handled properly.

sudo LSAN_OPTIONS=suppressions=/home/pevma/Work/Suricata/suricomp/suricata/qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/lib/llvm-6.0/bin/llvm-symbolizer   /opt/suricata-asan/bin/suricata  -S /dev/null   -r mychemicalromance -l locallog/
[16347] 7/9/2018 -- 15:37:44 - (suricata.c:1084) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev 0f1c8711)
[16348] 7/9/2018 -- 15:37:45 - (source-pcap-file-directory-helper.c:203) <Error> (PcapDetermineDirectoryOrFile) -- [ERRCODE: SC_ERR_FOPEN(44)] - mychemicalromance: Does not exist, or name is an empty string
[16347] 7/9/2018 -- 15:37:45 - (tm-threads.c:2127) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
[16347] 7/9/2018 -- 15:37:45 - (suricata.c:2999) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

=================================================================
==16347==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2458 byte(s) in 1 object(s) allocated from:
    #0 0x4ea760 in __interceptor_malloc (/opt/suricata-asan/bin/suricata+0x4ea760)
    #1 0x9016d1 in PacketGetFromAlloc /home/pevma/Work/Suricata/suricomp/suricata/src/decode.c:131:17
    #2 0x17fd05d in PacketPoolInit /home/pevma/Work/Suricata/suricomp/suricata/src/tmqh-packetpool.c:390:21
    #3 0x181324a in TmThreadsSlotPktAcqLoop /home/pevma/Work/Suricata/suricomp/suricata/src/tm-threads.c:292:5
    #4 0x7fdfaf42af29 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7f29)

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x4ea988 in calloc (/opt/suricata-asan/bin/suricata+0x4ea988)
    #1 0x7fdfae386171  (/usr/lib/x86_64-linux-gnu/libnss3.so+0x7e171)

Indirect leak of 2514534 byte(s) in 1023 object(s) allocated from:
    #0 0x4ea760 in __interceptor_malloc (/opt/suricata-asan/bin/suricata+0x4ea760)
    #1 0x9016d1 in PacketGetFromAlloc /home/pevma/Work/Suricata/suricomp/suricata/src/decode.c:131:17
    #2 0x17fd05d in PacketPoolInit /home/pevma/Work/Suricata/suricomp/suricata/src/tmqh-packetpool.c:390:21
    #3 0x181324a in TmThreadsSlotPktAcqLoop /home/pevma/Work/Suricata/suricomp/suricata/src/tm-threads.c:292:5
    #4 0x7fdfaf42af29 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7f29)

SUMMARY: AddressSanitizer: 2517064 byte(s) leaked in 1025 allocation(s).
Actions #1

Updated by Victor Julien about 4 years ago

  • Status changed from New to Assigned
  • Assignee set to Danny Browning
  • Target version set to 70

Danny are you interested in having a look? I think in this case simply checking for the file location when we're parsing commandline args instead of during capture thread spawn would be easiest.

Actions #2

Updated by Danny Browning about 4 years ago

Yeah, I can take a look at this.

Actions #3

Updated by Danny Browning about 4 years ago

  • Status changed from Assigned to Feedback
  • Assignee changed from Danny Browning to Peter Manev
Actions #4

Updated by Peter Manev about 4 years ago

Working as expected when the pcap doesn't exist - errors out right away with a message -

[7331] 18/9/2018 -- 22:35:18 - (suricata.c:2035) <Error> (ParseCommandLine) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - ERROR: Pcap file does not exist

Actions #5

Updated by Victor Julien almost 4 years ago

  • Status changed from Feedback to Closed
  • Assignee changed from Peter Manev to Danny Browning
  • Target version changed from 70 to 4.1rc2
Actions

Also available in: Atom PDF