Actions
Bug #3272
closedftp: ASAN error (4.1.x)
Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Description
AddressSanitizer:DEADLYSIGNAL ================================================================= ==13109==ERROR: AddressSanitizer: SEGV on unknown address 0x60210149c62f (pc 0x000000631fc6 bp 0x7fe6582825f0 sp 0x7fe6582820e0 T56) ==13109==The signal is caused by a WRITE memory access. #0 0x631fc5 in FTPParseRequest /home/victor/dev/suricata/src/app-layer-ftp.c #1 0x676f2b in AppLayerParserParse /home/victor/dev/suricata/src/app-layer-parser.c:1225:13 #2 0x531993 in AppLayerHandleTCPData /home/victor/dev/suricata/src/app-layer.c:660:17 #3 0xd18545 in ReassembleUpdateAppLayer /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1066:11 #4 0xd17140 in StreamTcpReassembleAppLayer /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1123:12 #5 0xd1df1a in StreamTcpReassembleHandleSegmentUpdateACK /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1689:9 #6 0xd1dbd7 in StreamTcpReassembleHandleSegment /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1732:9 #7 0xcf3970 in HandleEstablishedPacketToClient /home/victor/dev/suricata/src/stream-tcp.c:2408:9 #8 0xcb5bb2 in StreamTcpPacketStateEstablished /home/victor/dev/suricata/src/stream-tcp.c:2645:13 #9 0xc9396c in StreamTcpStateDispatch /home/victor/dev/suricata/src/stream-tcp.c:4650:17 #10 0xc8a300 in StreamTcpPacket /home/victor/dev/suricata/src/stream-tcp.c:4838:13 #11 0xc94a09 in StreamTcp /home/victor/dev/suricata/src/stream-tcp.c:5174:11 #12 0xa7e0de in FlowWorker /home/victor/dev/suricata/src/flow-worker.c:233:9 #13 0xd5ef38 in TmThreadsSlotVarRun /home/victor/dev/suricata/src/tm-threads.c:128:17 #14 0xd70548 in TmThreadsSlotVar /home/victor/dev/suricata/src/tm-threads.c:585:17 #15 0x7fe68ad446da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da) AddressSanitizer:DEADLYSIGNAL #16 0x7fe68886988e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95 AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/victor/dev/suricata/src/app-layer-ftp.c in FTPParseRequest Thread T56 (W#55) created by T0 (Suricata-Main) here: #0 0x4b3f9d in pthread_create (/home/victor/dev/suricata/src/suricata+0x4b3f9d) #1 0xd6c1b2 in TmThreadSpawn /home/victor/dev/suricata/src/tm-threads.c:1868:14 #2 0xc0d989 in RunModeFilePcapAutoFp /home/victor/dev/suricata/src/runmode-pcap-file.c:252:13 #3 0xc243eb in RunModeDispatch /home/victor/dev/suricata/src/runmodes.c:377:5 #4 0xd2e861 in main /home/victor/dev/suricata/src/suricata.c:3034:5 #5 0x7fe688769b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310 ==13109==ABORTING
This is with a very large pcap, so will see if I can somehow isolate it. Please see if you can find an issue based on the above bt.
Updated by Victor Julien about 5 years ago
- Copied from Bug #3226: ftp: ASAN error added
Updated by Jeff Lucovsky about 5 years ago
This won't be an issue with 4.1.5 as the code checks if there's additional parameters supplied with RETR or STOR:
- retr https://github.com/OISF/suricata/blob/master-4.1.x/src/app-layer-ftp.c#L339
- stor https://github.com/OISF/suricata/blob/master-4.1.x/src/app-layer-ftp.c#L347
For each command, more than 5 characters is required. Thus, when these commands are processed later and the address 5 bytes earlier is referenced on https://github.com/OISF/suricata/blob/master-4.1.x/src/app-layer-ftp.c#L451 won't segfault
Updated by Victor Julien about 5 years ago
- Status changed from Assigned to Rejected
- Assignee deleted (
Victor Julien) - Target version deleted (
4.1.6) - Private changed from Yes to No
Thanks Jeff.
Closing as this issue only existed in the 5.0dev branch, but not in 4.1.
Actions