Project

General

Profile

Actions
Copy link

Bug #3645

closed

Invalid memory read on malformed rule with Lua script

Added by Jeff Lucovsky about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Immediate
Assignee:
Shivani Bhardwaj
Target version:
4.1.8
Affected Versions:
4.1.7, 5.0.2
Effort:
Difficulty:
Label:

Description

When a trailing semicolon is omitted from a rule with a lua script, Suricata still tries to load a lua script from the wrong memory location in the process. On 4.0 and earlier, this location is semi-random and doesn't always repro. On 4.1, the location seems consistent, but it still incorrect. On 4.0 and earlier, this can lead to segmentation faults if the memory is not a valid location.

Sample rule:
alert http any any -> any any (msg:"Test Lua on Load Failure"; content:"|00 00 00 00|"; lua:lua/test.lua; rev:1)

Sample Error Output:
[56494] 11/12/2018 -- 21:56:15 - (detect-lua.c:623) <Error> (DetectLuaThreadInit) -- [ERRCODE: SC_ERR_LUA_ERROR(212)] - couldn't load file: cannot open n/hta
: No such file or directory

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #2737: Invalid memory read on malformed rule with Lua scriptClosedJeff LucovskyActions
Actions
Copy link
 #1

Updated by Jeff Lucovsky about 4 years ago

  • Copied from Bug #2737: Invalid memory read on malformed rule with Lua script added
Actions
Copy link
 #2

Updated by Jeff Lucovsky about 4 years ago

  • Label deleted (Needs backport to 4.1, Needs backport to 5.0)
Actions
Copy link
 #3

Updated by Shivani Bhardwaj about 4 years ago

  • Priority changed from Normal to Immediate
Actions
Copy link
 #4

Updated by Shivani Bhardwaj almost 4 years ago

  • Status changed from Assigned to Closed
Actions
Copy link

Also available in: Atom PDF