Project

General

Profile

Actions
Copy link

Bug #2857

closed

nfq asan heap-use-after-free error

Added by Victor Julien over 5 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Alexander Gozman
Target version:
5.0beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Since the last nfq merge I'm seeing this on my fw:

==32620==ERROR: AddressSanitizer: heap-use-after-free on address 0x6060000006e0 at pc 0x555555b2f4f2 bp 0x7fffec250230 sp 0x7fffec250220
READ of size 2 at 0x6060000006e0 thread T6 (TX#00)
    #0 0x555555b2f4f1 in VerdictNFQThreadDeinit /home/victor/dev/suricata/src/source-nfq.c:828
    #1 0x555555be1b68 in TmThreadsSlotVar /home/victor/dev/suricata/src/tm-threads.c:644
    #2 0x7ffff4e496da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
    #3 0x7ffff39a488e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)

0x6060000006e0 is located 0 bytes inside of 56-byte region [0x6060000006e0,0x606000000718)
freed by thread T1 (RX-NFQ#0) here:
    #0 0x7ffff6ef87b8 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xde7b8)
    #1 0x555555b2f422 in ReceiveNFQThreadDeinit /home/victor/dev/suricata/src/source-nfq.c:807
    #2 0x555555be0a04 in TmThreadsSlotPktAcqLoop /home/victor/dev/suricata/src/tm-threads.c:364
    #3 0x7ffff4e496da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)

previously allocated by thread T0 (Suricata-Main) here:
    #0 0x7ffff6ef8d38 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
    #1 0x555555b3075e in NFQParseAndRegisterQueues /home/victor/dev/suricata/src/source-nfq.c:928
    #2 0x555555bcbd13 in ParseCommandLine /home/victor/dev/suricata/src/suricata.c:1922
    #3 0x555555bd48f0 in main /home/victor/dev/suricata/src/suricata.c:2901
    #4 0x7ffff38a4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Thread T6 (TX#00) created by T0 (Suricata-Main) here:
    #0 0x7ffff6e51d2f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
    #1 0x555555be9ac6 in TmThreadSpawn /home/victor/dev/suricata/src/tm-threads.c:1880
    #2 0x555555d1ba47 in RunModeSetIPSAutoFp /home/victor/dev/suricata/src/util-runmodes.c:579
    #3 0x555555ae37d8 in RunModeIpsNFQAutoFp /home/victor/dev/suricata/src/runmode-nfq.c:74
    #4 0x555555b03d4b in RunModeDispatch /home/victor/dev/suricata/src/runmodes.c:378
    #5 0x555555bd4c7c in main /home/victor/dev/suricata/src/suricata.c:2958
    #6 0x7ffff38a4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
Actions
Copy link
 #1

Updated by Alexander Gozman over 5 years ago

  • Status changed from Assigned to Resolved

https://github.com/OISF/suricata/pull/3694

Sorry for the late response. I have recently changed my job and haven't had enough time to react :)

Actions
Copy link
 #2

Updated by Victor Julien over 5 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF