Bug #3272

closed

ftp: ASAN error (4.1.x)

Added by Victor Julien about 5 years ago. Updated about 5 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort:
Difficulty:
Label:

Description

AddressSanitizer:DEADLYSIGNAL
=================================================================
==13109==ERROR: AddressSanitizer: SEGV on unknown address 0x60210149c62f (pc 0x000000631fc6 bp 0x7fe6582825f0 sp 0x7fe6582820e0 T56)
==13109==The signal is caused by a WRITE memory access.
    #0 0x631fc5 in FTPParseRequest /home/victor/dev/suricata/src/app-layer-ftp.c
    #1 0x676f2b in AppLayerParserParse /home/victor/dev/suricata/src/app-layer-parser.c:1225:13
    #2 0x531993 in AppLayerHandleTCPData /home/victor/dev/suricata/src/app-layer.c:660:17
    #3 0xd18545 in ReassembleUpdateAppLayer /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1066:11
    #4 0xd17140 in StreamTcpReassembleAppLayer /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1123:12
    #5 0xd1df1a in StreamTcpReassembleHandleSegmentUpdateACK /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1689:9
    #6 0xd1dbd7 in StreamTcpReassembleHandleSegment /home/victor/dev/suricata/src/stream-tcp-reassemble.c:1732:9
    #7 0xcf3970 in HandleEstablishedPacketToClient /home/victor/dev/suricata/src/stream-tcp.c:2408:9
    #8 0xcb5bb2 in StreamTcpPacketStateEstablished /home/victor/dev/suricata/src/stream-tcp.c:2645:13
    #9 0xc9396c in StreamTcpStateDispatch /home/victor/dev/suricata/src/stream-tcp.c:4650:17
    #10 0xc8a300 in StreamTcpPacket /home/victor/dev/suricata/src/stream-tcp.c:4838:13
    #11 0xc94a09 in StreamTcp /home/victor/dev/suricata/src/stream-tcp.c:5174:11
    #12 0xa7e0de in FlowWorker /home/victor/dev/suricata/src/flow-worker.c:233:9
    #13 0xd5ef38 in TmThreadsSlotVarRun /home/victor/dev/suricata/src/tm-threads.c:128:17
    #14 0xd70548 in TmThreadsSlotVar /home/victor/dev/suricata/src/tm-threads.c:585:17
    #15 0x7fe68ad446da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
AddressSanitizer:DEADLYSIGNAL
    #16 0x7fe68886988e in clone /build/glibc-OTsEL5/glibc-2.27/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/victor/dev/suricata/src/app-layer-ftp.c in FTPParseRequest
Thread T56 (W#55) created by T0 (Suricata-Main) here:
    #0 0x4b3f9d in pthread_create (/home/victor/dev/suricata/src/suricata+0x4b3f9d)
    #1 0xd6c1b2 in TmThreadSpawn /home/victor/dev/suricata/src/tm-threads.c:1868:14
    #2 0xc0d989 in RunModeFilePcapAutoFp /home/victor/dev/suricata/src/runmode-pcap-file.c:252:13
    #3 0xc243eb in RunModeDispatch /home/victor/dev/suricata/src/runmodes.c:377:5
    #4 0xd2e861 in main /home/victor/dev/suricata/src/suricata.c:3034:5
    #5 0x7fe688769b96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310

==13109==ABORTING

This is with a very large pcap, so will see if I can somehow isolate it. Please see if you can find an issue based on the above bt.

Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #3226: ftp: ASAN error (Closed, Jeff Lucovsky)

#1

Updated by Victor Julien about 5 years ago

  • Copied from Bug #3226: ftp: ASAN error added

#2

Updated by Jeff Lucovsky about 5 years ago

This won't be an issue with 4.1.5 as the code checks if there are additional parameters supplied with RETR or STOR:

For each command, more than 5 characters are required. Thus, when these commands are processed later and the address 5 bytes earlier is referenced on https://github.com/OISF/suricata/blob/master-4.1.x/src/app-layer-ftp.c#L451, it won't segfault.
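
The kind of length gate described in the comment above, as an added example that is not part of the original thread and is not Suricata's code. The function name `ftp_transfer_arg`, the offset constant and the sample request lines are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Suricata code: copy the argument of a 4-letter
 * FTP command ("RETR <file>" / "STOR <file>") out of one request line.
 * The argument starts at offset 5: 4 command bytes plus one space. */
#define FTP_ARG_OFFSET 5u

/* Returns the argument length, or -1 if the line is rejected. */
int ftp_transfer_arg(const uint8_t *line, uint32_t line_len,
                     char *out, size_t out_size)
{
    if (line == NULL || out == NULL || out_size == 0)
        return -1;
    /* Length gate: more than 5 bytes are required. Without it,
     * line_len - FTP_ARG_OFFSET wraps around (unsigned arithmetic) for
     * short lines and the copy below would run far past both buffers. */
    if (line_len <= FTP_ARG_OFFSET)
        return -1;
    /* Case-sensitive match keeps the example short. */
    if (memcmp(line, "RETR ", 5) != 0 && memcmp(line, "STOR ", 5) != 0)
        return -1;
    uint32_t arg_len = line_len - FTP_ARG_OFFSET;
    /* Drop trailing CR/LF before measuring the argument. */
    while (arg_len > 0 && (line[FTP_ARG_OFFSET + arg_len - 1] == '\r' ||
                           line[FTP_ARG_OFFSET + arg_len - 1] == '\n'))
        arg_len--;
    /* Reject an empty argument or one that does not fit with its NUL. */
    if (arg_len == 0 || arg_len >= out_size)
        return -1;
    memcpy(out, line + FTP_ARG_OFFSET, arg_len);
    out[arg_len] = '\0';
    return (int)arg_len;
}

int main(void)
{
    /* Constructed sample request lines, not taken from the pcap. */
    const char *samples[] = { "RETR file.txt\r\n", "RETR", "STOR ", "STOR a" };
    char name[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = ftp_transfer_arg((const uint8_t *)samples[i],
                                 (uint32_t)strlen(samples[i]), name, sizeof name);
        printf("sample %zu -> %d\n", i, n);
    }
    return 0;
}
```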

#3

Updated by Victor Julien about 5 years ago

  • Status changed from Assigned to Rejected
  • Assignee deleted (Victor Julien)
  • Target version deleted (4.1.6)
  • Private changed from Yes to No

Thanks Jeff.

Closing as this issue only existed in the 5.0dev branch, but not in 4.1.
