Bug #33
closedWe should not abort() inside of the stream handler
Description
I'm still running into these. Please replace the abort() calls with proper error handling code. The engine should be able to recover from these conditions without completely exiting.
stream-tcp-reassemble.c:266: abort();
stream-tcp-reassemble.c:274: abort();
stream-tcp-reassemble.c:281: abort();
stream-tcp-reassemble.c:1544: abort();
#0 0x00007f52406b54b5 in *GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt full
#0 0x00007f52406b54b5 in *_GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = <value optimized out>
selftid = <value optimized out>
#1 0x00007f52406b8f50 in *_GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x4a4578, sa_sigaction = 0x4a4578}, sa_mask = {__val = {139991245879368, 139991222475808, 1540, 139991222476048, 139991245027782, 206158430232, 139991222476064, 139991222475840,
139991244938664, 206158430256, 139991222476088, 139990973066176, 733634176081289574, 7310291573909233726, 8028925695096663399, 140734628222360}}, sa_flags = 1081825523, sa_restorer = 0x4a4320}
sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00007f52406ae481 in *__GI_assert_fail (assertion=0x4a4578 "!(((len + dst_pos) - 1) > dst_seg->payload_len)", file=<value optimized out>, line=1540, function=0x4a4600 "StreamTcpSegmentDataReplace") at assert.c:81
buf = 0x7f523038abc0 "suricata: stream-tcp-reassemble.c:1540: StreamTcpSegmentDataReplace: Assertion `!(((len + dst_pos) - 1) > dst_seg->payload_len)' failed.\n"
#3 0x000000000047e660 in StreamTcpSegmentDataReplace (dst_seg=0x7f5238f3bcd0, src_seg=0x7f5238f3bf10, start_point=4199166194, len=401) at stream-tcp-reassemble.c:1540
seq = 4199166191
s_cnt = 0
dst_pos = 224
PRETTY_FUNCTION = "StreamTcpSegmentDataReplace"
#4 0x000000000047c02d in HandleSegmentStartsBeforeListSegment (stream=0x7f5238dad838, list_seg=0x7f5238e7c3d0, seg=0x7f5238f3bf10, os_policy=0 '\000') at stream-tcp-reassemble.c:659
new_seg = 0x7f5238f3bcd0
copy_len = 401
overlap = 3
packet_length = 404
overlap_point = 4199166191
end_before = 0 '\000'
end_after = 1 '\001'
end_same = 0 '\000'
FUNCTION = "HandleSegmentStartsBeforeListSegment"
#5 0x000000000047ad28 in ReassembleInsertSegment (stream=0x7f5238dad838, seg=0x7f5238f3bf10) at stream-tcp-reassemble.c:353
list_seg = 0x7f5238e7c3d0
os_policy = 0 '\000'
ret_value = 0
return_seg = 0 '\000'
FUNCTION = "ReassembleInsertSegment"
#6 0x000000000047cf3c in StreamTcpReassembleHandleSegmentHandleData (ssn=0x7f5238dad7f0, stream=0x7f5238dad838, p=0x13119e0) at stream-tcp-reassemble.c:1096
seg = 0x7f5238f3bf10
FUNCTION = "StreamTcpReassembleHandleSegmentHandleData"
#7 0x000000000047e3f0 in StreamTcpReassembleHandleSegment (ra_ctx=0x7f5230001120, ssn=0x7f5238dad7f0, stream=0x7f5238dad838, p=0x13119e0) at stream-tcp-reassemble.c:1483
FUNCTION = "StreamTcpReassembleHandleSegment"
#8 0x0000000000477a28 in HandleEstablishedPacketToServer (ssn=0x7f5238dad7f0, p=0x13119e0, stt=0x7f5230000c60) at stream-tcp.c:1219
No locals.
#9 0x0000000000477d60 in StreamTcpPacketStateEstablished (tv=0x476ef10, p=0x13119e0, stt=0x7f5230000c60, ssn=0x7f5238dad7f0) at stream-tcp.c:1368
No locals.
#10 0x0000000000479bc0 in StreamTcpPacket (tv=0x476ef10, p=0x13119e0, stt=0x7f5230000c60) at stream-tcp.c:2267
ssn = 0x7f5238dad7f0
#11 0x0000000000479d91 in StreamTcp (tv=0x476ef10, p=0x13119e0, data=0x7f5230000c60, pq=0x4960790) at stream-tcp.c:2322
stt = 0x7f5230000c60
ret = TM_ECODE_OK
#12 0x000000000046bd1b in TmThreadsSlot1 (td=0x476ef10) at tm-threads.c:325
tv = 0x476ef10
s = 0x4960760
p = 0x13119e0
run = 1 '\001'
r = TM_ECODE_OK
#13 0x00007f5240e46a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
__res = <value optimized out>
pd = 0x7f523f167910
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139991222483216, 3323098325093423544, 140734628211648, 0, 0, 3, 3406275490480940616, -3406263275313718856}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
---Type <return> to continue, or q <return> to quit--
robust = <value optimized out>
#14 0x00007f52407617bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#15 0x0000000000000000 in ?? ()