Project

General

Profile

Actions

Bug #3726

closed

Segmentation fault on rule reload when using libmagic

Added by Angelo Mirabella over 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
medium
Difficulty:
medium
Label:
Needs backport to 4.1, Needs backport to 5.0

Description

If libmagic is enabled and there are signature using libmagic, rule reloading causes a segmentation fault on the next file matching the rule.
This is due to an improper reinitialization of the thread contexts.
In attachment there are a sample stack trace and a sample rule file.


Files

stack_trace (52.8 KB) stack_trace Angelo Mirabella, 05/26/2020 04:48 PM
test.rules (1.18 KB) test.rules Angelo Mirabella, 05/26/2020 04:50 PM
suricata_testcase.zip (178 KB) suricata_testcase.zip Angelo Mirabella, 05/28/2020 10:54 PM
build-info.txt (3.82 KB) build-info.txt Angelo Mirabella, 05/28/2020 10:55 PM

Related issues

Copied to Bug #4133: Segmentation fault on rule reload when using libmagicClosedJeff LucovskyActions
Copied to Bug #4134: Segmentation fault on rule reload when using libmagicRejectedShivani BhardwajActions
Actions #1

Updated by Angelo Mirabella over 1 year ago

Uploading the build-info and a zip with a pcap and rules to reproduce the bug.

The password for the zip is: password

Steps to reproduce the bug:
- Start suricata in PCAP mode
- Send signal SIGUSR2 to reload the signatures
- Replay the pcap on the sniffing interface

This should lead to the segmentation fault

Actions #2

Updated by Victor Julien 12 months ago

  • Target version changed from 5.0.4 to 6.0.1
  • Label Needs backport to 4.1, Needs backport to 5.0 added
Actions #3

Updated by Jeff Lucovsky 11 months ago

  • Copied to Bug #4133: Segmentation fault on rule reload when using libmagic added
Actions #4

Updated by Jeff Lucovsky 11 months ago

  • Copied to Bug #4134: Segmentation fault on rule reload when using libmagic added
Actions

Also available in: Atom PDF