https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022019-07-19T21:44:15ZOpen Information Security FoundationSuricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=130322019-07-19T21:44:15ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Feedback</i></li><li><strong>Assignee</strong> set to <i>Community Ticket</i></li><li><strong>Target version</strong> set to <i>Support</i></li></ul><p>Can you give us more details about your setup?<br />I couldn't reproduce it.</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=131132019-07-27T14:35:13ZIvan Ivanov
<ul></ul><p>I found the following, if I set the parameter:<br />stream:<br /> depth: 2059kb - or more it reproduces. <br />payload-buffer-size: 1015kb</p>
<p>And there are another strange thing, if I set for example:<br />stream:<br /> depth: 32mb <br />and payload-buffer-size: 1014kb<br />I get in "payload" in eve.json and unified2-alert much bigger part of thaffic, than previous case.</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=131142019-07-27T14:41:32ZPeter Manevpetermanev@gmail.com
<ul></ul><p>Thank you for the feedback!<br />Same issue on 4.1 and git I suppose?</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=131152019-07-27T20:58:45ZAndreas Herzoisf@herzandreas.de
<ul></ul><p>I still can't reproduce it, can you post more details about your system/setup and attach the suricata.yaml and maybe add suricata --build-info as well?</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=131612019-07-27T23:56:14ZIvan Ivanov
<ul><li><strong>File</strong> <a href="/attachments/1734">build_info.txt</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/1734/build_info.txt">build_info.txt</a> added</li><li><strong>File</strong> <a href="/attachments/1735">suricata_1015kb_2059kb.yaml</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/1735/suricata_1015kb_2059kb.yaml">suricata_1015kb_2059kb.yaml</a> added</li></ul><p>OS Name: Microsoft Windows 10 Enterprise<br />OS Version: 10.0.17134 N/A Build 17134<br />There are suricata.yaml and suricata --build-info in attached files. <br />Suricata: <a class="external" href="https://www.openinfosecfoundation.org/download/windows/Suricata-4.1.4-1-64bit.msi">https://www.openinfosecfoundation.org/download/windows/Suricata-4.1.4-1-64bit.msi</a><br />npcap-0.99-r7.exe (md5: 26f0298ba70add3494b934230033b251)</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=131762019-07-29T20:04:18ZAndreas Herzoisf@herzandreas.de
<ul></ul><p>Ah that's on Windows, whole different story then and the windows folks need to jump in.</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=132012019-07-31T12:29:54ZPeter Manevpetermanev@gmail.com
<ul></ul><p>Just a sanity check @ Ivan - is this the MSI pkg or local compile ?</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=132202019-08-06T21:18:12ZIvan Ivanov
<ul></ul><p>MSI from this <a class="external" href="https://www.openinfosecfoundation.org/download/windows/Suricata-4.1.4-1-64bit.msi">https://www.openinfosecfoundation.org/download/windows/Suricata-4.1.4-1-64bit.msi</a></p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=132732019-08-19T07:32:51ZVictor Julienvictor@inliniac.net
<ul></ul><p>Wonder if this could be related to a limited stack size.</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=135302019-09-08T13:32:58ZPeter Manevpetermanev@gmail.com
<ul></ul><p>I could not reproduce the same with Suricata 4.1.4 on Windows 2016 Standard Server and on Win 10 Enterprise.<br />In my case Suricata starts and inspects traffic ok it seems. Does it only trigger the crash on actual alert/buffer logging/print or at start up in your case?</p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=222212022-02-05T22:51:32ZAndreas Herzoisf@herzandreas.de
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Closed</i></li></ul><p>Hi, we're closing this issue since there have been no further responses. <br />If you think this issue is still relevant, try to test it again with the <br />most recent version of suricata and reopen the issue. If you want to <br />improve the bug report please take a look at <br /><a class="external" href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs</a></p> Suricata - Bug #3091: Suricata crashes with payload-buffer-size more than 1014kbhttps://redmine.openinfosecfoundation.org/issues/3091?journal_id=222312022-02-06T07:31:19ZVictor Julienvictor@inliniac.net
<ul><li><strong>Related to</strong> <i><a class="issue tracker-2 status-5 priority-4 priority-default closed" href="/issues/4550">Feature #4550</a>: pthreads: set minimum stack size</i> added</li></ul>