Project

General

Profile

Actions

Bug #2776

closed

pcap open - invalid interface capture length 524288, bigger than maximum of 262144

Added by Peter Manev about 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

/opt/suricata-asan/bin/suricata -S /dev/null -k none -r dnsquery.pcapng  -l tests/log/
[13248] 16/1/2019 -- 09:45:39 - (suricata.c:1085) <Notice> (LogVersion) -- This is Suricata version 4.1.0-dev (rev b51e4a39)
[13249] 16/1/2019 -- 09:45:39 - (source-pcap-file-helper.c:174) <Error> (InitPcapFile) -- [ERRCODE: SC_ERR_FOPEN(44)] - invalid interface capture length 524288, bigger than maximum of 262144
[13249] 16/1/2019 -- 09:45:39 - (source-pcap-file.c:276) <Warning> (ReceivePcapFileThreadInit) -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file /home/pevma/Downloads/dnsquery.pcapng, skipping
[13248] 16/1/2019 -- 09:45:39 - (tm-threads.c:2127) <Error> (TmThreadWaitOnThreadInit) -- [ERRCODE: SC_ERR_THREAD_INIT(49)] - thread "RX#01" failed to initialize: flags 0145
[13248] 16/1/2019 -- 09:45:39 - (suricata.c:3007) <Error> (main) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Engine initialization failed, aborting...

=================================================================
==13248==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2458 byte(s) in 1 object(s) allocated from:
    #0 0x4ce333 in __interceptor_malloc (/opt/suricata-asan/bin/suricata+0x4ce333)
    #1 0x8dc862 in PacketGetFromAlloc /home/pevma/Work/Suricata/suricomp/suricata/suricata/src/decode.c:141:17
    #2 0x1828ddd in PacketPoolInit /home/pevma/Work/Suricata/suricomp/suricata/suricata/src/tmqh-packetpool.c:390:21
    #3 0x183efe8 in TmThreadsSlotPktAcqLoop /home/pevma/Work/Suricata/suricomp/suricata/suricata/src/tm-threads.c:292:5
    #4 0x7f9cfb6c8fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)

Direct leak of 72 byte(s) in 1 object(s) allocated from:
    #0 0x4ce52a in calloc (/opt/suricata-asan/bin/suricata+0x4ce52a)
    #1 0x7f9cfa5faef9  (/usr/lib/x86_64-linux-gnu/libnss3.so+0x7eef9)

Indirect leak of 2514534 byte(s) in 1023 object(s) allocated from:
    #0 0x4ce333 in __interceptor_malloc (/opt/suricata-asan/bin/suricata+0x4ce333)
    #1 0x8dc862 in PacketGetFromAlloc /home/pevma/Work/Suricata/suricomp/suricata/suricata/src/decode.c:141:17
    #2 0x1828ddd in PacketPoolInit /home/pevma/Work/Suricata/suricomp/suricata/suricata/src/tmqh-packetpool.c:390:21
    #3 0x183efe8 in TmThreadsSlotPktAcqLoop /home/pevma/Work/Suricata/suricomp/suricata/suricata/src/tm-threads.c:292:5
    #4 0x7f9cfb6c8fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)

SUMMARY: AddressSanitizer: 2517064 byte(s) leaked in 1025 allocation(s).

Pcap privately shared.
Using:


This is Suricata version 4.1.0-dev (rev b51e4a39)
Features: UNITTESTS PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC 
SIMD support: SSE_4_2 SSE_4_1 SSE_3 
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.2.1 Compatible Clang 7.0.1 (tags/RELEASE_701/final), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.28, linked against LibHTP v0.5.28

Suricata Configuration:
  AF_PACKET support:                       yes
  eBPF support:                            no
  XDP support:                             no
  PF_RING support:                         no
  NFQueue support:                         no
  NFLOG support:                           no
  IPFW support:                            no
  Netmap support:                          no
  DAG enabled:                             no
  Napatech enabled:                        no
  WinDivert enabled:                       no

  Unix socket enabled:                     yes
  Detection enabled:                       yes

  Libmagic support:                        yes
  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  liblzma support:                         yes
  hiredis support:                         no
  hiredis async with libevent:             no
  Prelude support:                         no
  PCRE jit:                                yes
  LUA support:                             yes, through luajit
  libluajit:                               yes
  libgeoip:                                yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  Hyperscan support:                       yes
  Libnet support:                          yes
  liblz4 support:                          yes

  Rust support:                            no
  Rust strict mode:                        no
  Rust debug mode:                         no
  Rust compiler:                           not set
  Rust cargo:                              not set

  Install suricatasc:                      yes
  Install suricata-update:                 no

  Profiling enabled:                       no
  Profiling locks enabled:                 no

Development settings:
  Coccinelle / spatch:                     yes
  Unit tests enabled:                      yes
  Debug output enabled:                    no
  Debug validation enabled:                no

Generic build parameters:
  Installation prefix:                     /opt/suricata-asan
  Configuration directory:                 /opt/suricata-asan/etc/suricata/
  Log directory:                           /opt/suricata-asan/var/log/suricata/

  --prefix                                 /opt/suricata-asan
  --sysconfdir                             /opt/suricata-asan/etc
  --localstatedir                          /opt/suricata-asan/var
  --datarootdir                            /opt/suricata-asan/share

  Host:                                    x86_64-pc-linux-gnu
  Compiler:                                clang (exec name) / clang (real)
  GCC Protect enabled:                     no
  GCC march native enabled:                yes
  GCC Profile enabled:                     no
  Position Independent Executable enabled: no
  CFLAGS                                   -ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native
  PCAP_CFLAGS                               -I/usr/include
  SECCFLAGS                               


Related issues 1 (0 open1 closed)

Related to Suricata - Bug #2795: asan leak: processing of empty pcapClosedSumera PriyadarsiniActions
Actions #1

Updated by Victor Julien about 5 years ago

The pcap open error is likely correct, but it would be great not to have the memory leak errors.

Actions #2

Updated by Victor Julien about 5 years ago

  • Related to Bug #2795: asan leak: processing of empty pcap added
Actions #3

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed

Duplicate of #2795

Actions

Also available in: Atom PDF