Actions
Bug #3448
closedSuricata 4.1 Seg Fault: Socket Control pcap-file and corrupt pcap
Description
Suricata 4.1 (tested on 4.1.5 and 4.1.6) seg faults when using socket control, and sending the "pcap-file" command with a bad pcap. In particular the issue has be observed when the provided pcap file is not a valid pcap file (but is an existing file). Suricata 5 (tested on 5.0.1) seem not to demonstrate this issue; also tested on Suricata 4.0.7 and didn't have the issue.
To reproduce:
1. Start Suricata in Unix socket mode:
$ suricata -c suricata.yaml -k none --runmode single --unix-socket=/opt/suri.socket
2. Use suricatasc to connect to socket and issue 'pcap-file' command, giving it a file that is not a valid pcap:
$ echo "pwn" > /tmp/not-a-pcap.pcap
$ suricatasc /opt/suri.socket
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, reload-rules, ruleset-reload-rules, ruleset-reload-nonblocking, ruleset-reload-time, ruleset-stats, ruleset-failed-rules, register-tenant-handler, unregister-tenant-handler, register-tenant, reload-tenant, unregister-tenant, add-hostbit, remove-hostbit, list-hostbit, reopen-log-files, memcap-set, memcap-show, memcap-list, pcap-file, pcap-file-continuous, pcap-file-number, pcap-file-list, pcap-last-processed, pcap-interrupt, pcap-current, quit
>>> pcap-file /tmp/not-a-pcap.pcap /tmp/
Success:
"Successfully added file to list"
3. Observe Suricata seg fault. GDB output:
Thread 3 "W#01" received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f6739ed8700 (LWP 156)] UnixSocketPcapFile (tm=tm@entry=TM_ECODE_FAILED, last_processed=last_processed@entry=0x0) at runmode-unix-socket.c:605 605 unix_manager_pcap_last_processed.tv_sec = last_processed->tv_sec; (gdb) bt #0 UnixSocketPcapFile (tm=tm@entry=TM_ECODE_FAILED, last_processed=last_processed@entry=0x0) at runmode-unix-socket.c:605 #1 0x000055b15fe2cb3c in InitPcapFile (pfv=pfv@entry=0x7f672c49cba0) at source-pcap-file-helper.c:178 #2 0x000055b15fe27d89 in ReceivePcapFileThreadInit (tv=0x7f673593a0c0, initdata=0x7f6734000c60, data=0x7f6739ed73e8) at source-pcap-file.c:269 #3 0x000055b15fe48fd9 in TmThreadsSlotPktAcqLoop (td=0x7f673593a0c0) at tm-threads.c:330 #4 0x00007f673c0106db in start_thread (arg=0x7f6739ed8700) at pthread_create.c:463 #5 0x00007f673b47488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) continue Continuing. [Thread 0x7f6739ed8700 (LWP 156) exited] [Thread 0x7f673a6d9700 (LWP 154) exited] Program terminated with signal SIGSEGV, Segmentation fault. The program no longer exists. (gdb)
Updated by Victor Julien almost 5 years ago
- Status changed from New to Assigned
- Assignee set to Shivani Bhardwaj
- Priority changed from Normal to High
- Target version set to 4.1.7
Updated by Victor Julien almost 5 years ago
- Related to Bug #1694: unix-socket reading 0 size pcap added
Updated by Victor Julien almost 5 years ago
- Status changed from Assigned to Closed
- Priority changed from High to Normal
Actions