Project

General

Profile

Actions
Copy link

Bug #2854

closed

SIGSEGV while passing non pcap to process via unix socket

Added by Peter Manev about 6 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Danny Browning
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Using - 5.0.0-dev (rev d6903e70c) it seems it segmentation faults if a non pcap (txt for example0 is passed for processing via unix-socket

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/opt/suritest/bin/suricata --set pcap-file.checksum-checks=no --unix-socket -S'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x000055fa45ea320f in UnixSocketPcapFile (tm=TM_ECODE_FAILED, last_processed=0x0) at runmode-unix-socket.c:605
605        unix_manager_pcap_last_processed.tv_sec = last_processed->tv_sec;
[Current thread is 1 (Thread 0x7f8892ffd700 (LWP 29258))]
(gdb) thread apply all bt

Thread 3 (Thread 0x7f889c9beb40 (LWP 27942)):
#0  0x00007f889cc0ea60 in __GI___nanosleep (requested_time=requested_time@entry=0x7fff60528ce0, remaining=remaining@entry=0x0) at ../sysdeps/unix/sysv/linux/nanosleep.c:28
#1  0x00007f889cc39ba4 in usleep (useconds=<optimized out>) at ../sysdeps/posix/usleep.c:32
#2  0x000055fa45ee25b6 in SuricataMainLoop (suri=0x55fa462008c0 <suricata>) at suricata.c:2842
#3  0x000055fa45ee2b7d in main (argc=6, argv=0x7fff60529ec8) at suricata.c:2985

Thread 2 (Thread 0x7f8899bf6700 (LWP 27974)):
#0  0x00007f889cc0ea60 in __GI___nanosleep (requested_time=requested_time@entry=0x7f8899bf2fa0, remaining=remaining@entry=0x0) at ../sysdeps/unix/sysv/linux/nanosleep.c:28
#1  0x00007f889cc39ba4 in usleep (useconds=<optimized out>) at ../sysdeps/posix/usleep.c:32
#2  0x000055fa45eeb70e in TmThreadWaitForFlag (tv=0x7f8895538970, flags=258) at tm-threads.c:1986
#3  0x000055fa45eeaee5 in TmThreadSpawn (tv=0x7f8895538970) at tm-threads.c:1886
#4  0x000055fa45ea06d9 in RunModeFilePcapAutoFp () at runmode-pcap-file.c:222
#5  0x000055fa45ea78fd in RunModeDispatch (runmode=2, custom_mode=0x55fa4610f696 "autofp") at runmodes.c:378
#6  0x000055fa45ea309e in UnixSocketPcapFilesCheck (data=0x55fa66d77020) at runmode-unix-socket.c:574
#7  0x000055fa45eeed76 in UnixCommandBackgroundTasks (this=0x55fa461f0660 <command>) at unix-manager.c:450
#8  0x000055fa45ef2080 in UnixManager (th_v=0x55fa6116ee10, thread_data=0x7f8894000b20) at unix-manager.c:1146
#9  0x000055fa45ee7fcb in TmThreadsManagement (td=0x55fa6116ee10) at tm-threads.c:704
#10 0x00007f889dd15fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#11 0x00007f889cc4180f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Thread 1 (Thread 0x7f8892ffd700 (LWP 29258)):
#0  0x000055fa45ea320f in UnixSocketPcapFile (tm=TM_ECODE_FAILED, last_processed=0x0) at runmode-unix-socket.c:605
#1  0x000055fa45ebe394 in InitPcapFile (pfv=0x7f888c26cba0) at source-pcap-file-helper.c:178
#2  0x000055fa45eb910f in ReceivePcapFileThreadInit (tv=0x7f8895538970, initdata=0x7f88940024b0, data=0x7f8892ffca98) at source-pcap-file.c:268
#3  0x000055fa45ee71fe in TmThreadsSlotPktAcqLoop (td=0x7f8895538970) at tm-threads.c:293
#4  0x00007f889dd15fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#5  0x00007f889cc4180f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Actions
Copy link
 #1

Updated by Victor Julien about 6 years ago

  • Status changed from New to Assigned
  • Assignee set to Danny Browning
Actions
Copy link
 #2

Updated by Danny Browning about 6 years ago

Might be a duplicate of #1694.

Actions
Copy link
 #3

Updated by Danny Browning about 6 years ago

Duplicate of #1694. Running an invalid file against the MR for that issue results in

[3075] 7/3/2019 -- 12:49:12 - (source-pcap-file-helper.c:174) <Error> (InitPcapFile) -- [ERRCODE: SC_ERR_FOPEN(44)] - unknown file format
[3075] 7/3/2019 -- 12:49:12 - (source-pcap-file.c:274) <Warning> (ReceivePcapFileThreadInit) -- [ERRCODE: SC_ERR_PCAP_DISPATCH(20)] - Failed to init pcap file custom.rules, skipping
[775] 7/3/2019 -- 12:49:12 - (unix-manager.c:131) <Info> (UnixNew) -- Using unix socket file '/var/run/suricata/suricata-command.socket'
[775] 7/3/2019 -- 12:49:12 - (unix-manager.c:144) <Error> (UnixNew) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Cannot create socket directory /var/run/suricata/: Permission denied
[775] 7/3/2019 -- 12:49:12 - (unix-manager.c:1058) <Warning> (UnixManagerInit) -- [ERRCODE: SC_ERR_INITIALIZATION(45)] - Unable to create unix command socket
[775] 7/3/2019 -- 12:49:12 - (tm-threads.c:2172) <Notice> (TmThreadWaitOnThreadInit) -- all 3 packet processing threads, 7 management threads initialized, engine started.
[3075] 7/3/2019 -- 12:49:12 - (source-pcap-file.c:161) <Error> (ReceivePcapFileLoop) -- [ERRCODE: SC_ERR_INVALID_ARGUMENT(13)] - pcap file reader thread failed to initialize
[775] 7/3/2019 -- 12:49:12 - (suricata.c:2851) <Notice> (SuricataMainLoop) -- Signal Received.  Stopping engine.
[775] 7/3/2019 -- 12:49:12 - (suricata.c:1109) <Info> (SCPrintElapsedTime) -- time elapsed 0.243s
[775] 7/3/2019 -- 12:49:13 - (counters.c:849) <Info> (StatsLogSummary) -- Alerts: 0
[775] 7/3/2019 -- 12:49:13 - (detect-engine-build.c:1733) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete
Actions
Copy link
 #4

Updated by Andreas Herz almost 6 years ago

  • Status changed from Assigned to Closed

Was a duplicate which got a fix.

Actions
Copy link

Also available in: Atom PDF