Bug #3349

closed

Suricata 5.0 crashes while rule reload

Added by haiwei liu about 5 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal

Description

Suricata 5.0 crashes during a rule reload and while performing flow detection.

Backtrace

#0  0x00007fb6ce86e337 in raise () from /lib64/libc.so.6
#1  0x00007fb6ce86fa28 in abort () from /lib64/libc.so.6
#2  0x00007fb6ce8b0e87 in __libc_message () from /lib64/libc.so.6
#3  0x00007fb6ce8b9679 in _int_free () from /lib64/libc.so.6
#4  0x00000000004aa43f in DetectEngineThreadCtxFree (det_ctx=0x7fb6a4a96ce0) at detect-engine.c:2559
#5  0x00000000004ad8f7 in DetectEngineThreadCtxDeinit (tv=<optimized out>, data=0x7fb6a4a96ce0) at detect-engine.c:2604
#6  0x00000000004ae090 in DetectEngineReloadThreads (new_de_ctx=new_de_ctx@entry=0xa8dcf20) at detect-engine.c:1543
#7  0x00000000004b1890 in DetectEngineReload (suri=suri@entry=0xa81100 <suricata>) at detect-engine.c:3681
#8  0x000000000041fd55 in SuricataMainLoop (suri=<optimized out>) at suricata.c:2860
#9  main (argc=<optimized out>, argv=<optimized out>) at suricata.c:3021

Reason:

InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id)
{
    InspectionBuffer *buffer = &det_ctx->inspect.buffers[list_id];
    if (buffer->inspect == NULL) {
        det_ctx->inspect.to_clear_queue[det_ctx->inspect.to_clear_idx++] = list_id;
    }
    return buffer;
}

The size of det_ctx->inspect.to_clear_idx will exceed det_ctx->inspect.buffers_size at runtime, resulting in an out-of-bounds memory access.
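
A simplified model of the queue logic quoted above, added here as an example; it is not Suricata code and not the fix that shipped in 5.0.7. The struct layout, the `queued` flag, the assumption that `to_clear_queue` holds `buffers_size` slots, and all `Model*`/`*Checked` names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Simplified stand-ins for the detect thread context (assumed layout). */
typedef struct { const uint8_t *inspect; int queued; } ModelBuffer;
typedef struct {
    ModelBuffer *buffers;
    uint32_t *to_clear_queue;            /* assumption: buffers_size slots */
    uint32_t buffers_size, to_clear_idx;
} ModelInspect;

/* Slots the reported logic consumes: one per call that sees inspect == NULL (counts only). */
static uint32_t SlotsNeededUnchecked(const ModelInspect *in, const int *ids, size_t n) {
    uint32_t idx = 0;
    for (size_t i = 0; i < n; i++)
        if (in->buffers[ids[i]].inspect == NULL) idx++;
    return idx;
}

/* Checked variant: validates list_id, queues each buffer once, never writes past the queue. */
static ModelBuffer *BufferGetChecked(ModelInspect *in, int list_id) {
    if (list_id < 0 || (uint32_t)list_id >= in->buffers_size) return NULL;
    ModelBuffer *b = &in->buffers[list_id];
    if (b->inspect == NULL && !b->queued) {
        if (in->to_clear_idx >= in->buffers_size) return NULL;  /* queue full */
        in->to_clear_queue[in->to_clear_idx++] = (uint32_t)list_id;
        b->queued = 1;
    }
    return b;
}

/* Constructed call pattern: buffers requested repeatedly but never filled. */
int ModelDemo(uint32_t *unchecked, uint32_t *checked) {
    static const int ids[] = { 1, 1, 1, 2, 2, 3 };
    ModelBuffer bufs[4] = { { NULL, 0 } };
    uint32_t queue[4] = { 0 };
    ModelInspect in = { bufs, queue, 4, 0 };
    *unchecked = SlotsNeededUnchecked(&in, ids, 6);
    for (size_t i = 0; i < 6; i++)
        if (BufferGetChecked(&in, ids[i]) == NULL) return -1;
    *checked = in.to_clear_idx;
    return 0;
}

int main(void) {
    uint32_t u = 0, c = 0;
    if (ModelDemo(&u, &c) != 0) return 1;
    printf("unchecked: %u of 4 slots, checked: %u\n", (unsigned)u, (unsigned)c);
    return 0;
}
```

In this model, six calls against a four-slot queue would need six slots under the unchecked condition, while the checked variant uses three.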

Actions #1

Updated by Victor Julien about 5 years ago

  • Description updated (diff)
  • Assignee changed from Victor Julien to OISF Dev
  • Priority changed from High to Normal
  • Target version changed from 5.0.0 to 5.0.1
  • Affected Versions 5.0.0 added
  • Affected Versions deleted (5.0beta1)
Actions #2

Updated by Victor Julien about 5 years ago

What rules are you using?

Actions #3

Updated by Victor Julien about 5 years ago

  • Effort deleted (high)
Actions #4

Updated by Victor Julien about 5 years ago

  • Target version changed from 5.0.1 to 5.0.2
Actions #5

Updated by Victor Julien almost 5 years ago

  • Target version changed from 5.0.2 to 5.0.3
Actions #6

Updated by Victor Julien almost 5 years ago

  • Priority changed from Normal to High
Actions #7

Updated by Victor Julien over 4 years ago

  • Status changed from New to Feedback
  • Priority changed from High to Normal
  • Target version changed from 5.0.3 to TBD
Actions #8

Updated by Andreas Herz almost 3 years ago

  • Status changed from Feedback to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions #9

Updated by Victor Julien almost 3 years ago

This was fixed in 5.0.7. See ticket #4485.
