Bug #3490

closed

Segfault when facing malformed SNMP rules

Added by Sascha Steinbiss almost 5 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport

Description

In the current 6.0.0 master, Suricata segfaults during rule parsing when facing invalid SNMP rules, e.g.:

alert snmp any any -> any any (msg:"SNMP test1"; snmp.version; sid:1000003;)
alert snmp any any -> any any (msg:"SNMP test2"; snmp.pdu_type; sid:1000007;)

leads to:

[10855] 20/2/2020 -- 10:53:13 - (suricata.c:1068) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (73bd9e25f 2020-02-19) running in USER mode
[10855] 20/2/2020 -- 10:53:13 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log
[10855] 20/2/2020 -- 10:53:13 - (util-classification-config.c:365) <Info> (SCClassConfParseFile) -- Added "43" classification types from the classification file
[10855] 20/2/2020 -- 10:53:13 - (util-reference-config.c:340) <Info> (SCRConfParseFile) -- Added "19" reference types from the reference.config file
zsh: segmentation fault (core dumped)

I have a patch available and can provide a PR soon.
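
A pre-load lint for the pattern shown in the two rules above, added here as an example; it is not part of the original report and not Suricata code. It assumes the malformation is the missing argument after snmp.version and snmp.pdu_type, and the names VALUE_REQUIRED, parse_options and lint_rules are hypothetical.

```python
import re

# Keywords named in the report. That the missing argument is what makes the
# rules malformed is an assumption drawn from the two sample rules.
VALUE_REQUIRED = {"snmp.version", "snmp.pdu_type"}

# Constructed input: the report's two rules plus one rule that passes an argument.
SAMPLE_RULES = r'''
alert snmp any any -> any any (msg:"SNMP test1"; snmp.version; sid:1000003;)
alert snmp any any -> any any (msg:"SNMP test2"; snmp.pdu_type; sid:1000007;)
alert snmp any any -> any any (msg:"SNMP v2\; ok"; snmp.version:2; sid:1000008;)
'''

RULE_BODY = re.compile(r"^[^(]*\((.*)\)\s*$")   # header, then "(options)"
OPTION_SEP = re.compile(r"(?<!\\);")            # ';' not preceded by a backslash


def parse_options(body):
    """Map each option keyword to its argument, or None when it has none."""
    options = {}
    for raw in OPTION_SEP.split(body):
        name, sep, value = raw.strip().partition(":")
        if name:
            options[name.strip()] = value.strip() if sep else None
    return options


def lint_rules(text):
    """Return (line_no, sid, keyword) for every listed keyword lacking an argument."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        match = RULE_BODY.match(line)
        if line.startswith("#") or not match:
            continue
        options = parse_options(match.group(1))
        for keyword in sorted(VALUE_REQUIRED & options.keys()):
            if not options[keyword]:          # None, or empty string after ':'
                findings.append((line_no, options.get("sid"), keyword))
    return findings


if __name__ == "__main__":
    for line_no, sid, keyword in lint_rules(SAMPLE_RULES):
        print(f"line {line_no}: sid {sid}: '{keyword}' has no argument")
```

Running the lint over a rule file before handing it to an affected build flags such rules without starting the engine at all.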


Related issues: 2 (0 open, 2 closed)

Related to Suricata - Bug #3489: rule parsing: memory leaks (Closed, Jeff Lucovsky)
Copied to Suricata - Bug #3576: Segfault when facing malformed SNMP rules (Closed, Jeff Lucovsky)