Project

General

Profile

Actions

Bug #3926

closed

dcerpc: Rust panic in handle_common_stub

Added by Victor Julien about 2 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff41cb8b1 in __GI_abort () at abort.c:79
#2  0x0000000000efdb37 in std::sys::unix::abort_internal () at src/libstd/sys/unix/mod.rs:165
#3  0x0000000000ee79f5 in std::sys_common::util::abort (args=...) at src/libstd/sys_common/util.rs:20
#4  0x0000000000ee2aae in rust_panic (msg=...) at src/libstd/panicking.rs:524
#5  0x0000000000ee2965 in std::panicking::rust_panic_with_hook (payload=..., message=..., location=<optimized out>) at src/libstd/panicking.rs:492
#6  0x0000000000ee242b in rust_begin_unwind (info=0x7fffee9f6e78) at src/libstd/panicking.rs:378
#7  0x0000000000f3c9d1 in core::panicking::panic_fmt (fmt=..., location=0x7fffee9f6a60) at src/libcore/panicking.rs:85
#8  0x0000000000f3c91d in core::panicking::panic (expr=...) at src/libcore/panicking.rs:52
#9  0x0000000000ba154b in suricata::dcerpc::dcerpc::DCERPCState::handle_common_stub (self=0x7fffe0364c60, input=..., bytes_consumed=0, dir=8) at src/dcerpc/dcerpc.rs:829
#10 0x0000000000ba3b1c in suricata::dcerpc::dcerpc::DCERPCState::handle_input_data (self=0x7fffe0364c60, input=..., direction=8) at src/dcerpc/dcerpc.rs:1034
#11 0x0000000000ba47ac in rs_dcerpc_parse_response (_flow=0x25f07a0, state=0x7fffe0364c60, _pstate=0x7fffe0364c20, input=0x7fffe0372db0 "q\032\330\005@", input_len=7284, _data=0x0, flags=8) at src/dcerpc/dcerpc.rs:1133
#12 0x0000000000693e1e in DCERPCParseResponse (f=0x25f07a0, dcerpc_state=0x7fffe0364c60, pstate=0x7fffe0364c20, input=0x7fffe0372db0 "q\032\330\005@", input_len=7284, local_data=0x0, flags=8 '\b') at app-layer-dcerpc.c:76
#13 0x00000000006d6c8d in AppLayerParserParse (tv=0x16894e0, alp_tctx=0x7fffe027e2b0, f=0x25f07a0, alproto=9, flags=8 '\b', input=0x7fffe0372db0 "q\032\330\005@", input_len=7284) at app-layer-parser.c:1233
#14 0x0000000000690b42 in AppLayerHandleTCPData (tv=0x16894e0, ra_ctx=0x7fffe0278b90, p=0x7fffe8197260, f=0x25f07a0, ssn=0x7fffe0358710, stream=0x7fffee9f8198, data=0x7fffe0372db0 "q\032\330\005@", data_len=7284, flags=8 '\b') at app-layer.c:688
#15 0x0000000000880938 in ReassembleUpdateAppLayer (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffee9f8198, p=0x7fffe8197260, dir=UPDATE_DIR_OPPOSING) at stream-tcp-reassemble.c:1167
#16 0x000000000087ff66 in StreamTcpReassembleAppLayer (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffe0358720, p=0x7fffe8197260, dir=UPDATE_DIR_OPPOSING) at stream-tcp-reassemble.c:1228
#17 0x0000000000883375 in StreamTcpReassembleHandleSegmentUpdateACK (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffe0358720, p=0x7fffe8197260) at stream-tcp-reassemble.c:1802
#18 0x0000000000882e3d in StreamTcpReassembleHandleSegment (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffe03587a8, p=0x7fffe8197260, pq=0x7fffe0278888) at stream-tcp-reassemble.c:1845
#19 0x00000000008751e7 in HandleEstablishedPacketToServer (tv=0x16894e0, ssn=0x7fffe0358710, p=0x7fffe8197260, stt=0x7fffe0278880, pq=0x7fffe0278888) at stream-tcp.c:2294
#20 0x000000000085a660 in StreamTcpPacketStateEstablished (tv=0x16894e0, p=0x7fffe8197260, stt=0x7fffe0278880, ssn=0x7fffe0358710, pq=0x7fffe0278888) at stream-tcp.c:2664
#21 0x00000000008508f8 in StreamTcpStateDispatch (tv=0x16894e0, p=0x7fffe8197260, stt=0x7fffe0278880, ssn=0x7fffe0358710, pq=0x7fffe0278888, state=4 '\004') at stream-tcp.c:4672
#22 0x000000000084d61d in StreamTcpPacket (tv=0x16894e0, p=0x7fffe8197260, stt=0x7fffe0278880, pq=0x7fffe0270b50) at stream-tcp.c:4861
#23 0x000000000085127f in StreamTcp (tv=0x16894e0, p=0x7fffe8197260, data=0x7fffe0278880, pq=0x7fffe0270b50) at stream-tcp.c:5197
#24 0x00000000007e18bb in FlowWorkerStreamTCPUpdate (tv=0x16894e0, fw=0x7fffe0270b20, p=0x7fffe8197260, detect_thread=0x0) at flow-worker.c:364
#25 0x00000000007e14e1 in FlowWorker (tv=0x16894e0, p=0x7fffe8197260, data=0x7fffe0270b20) at flow-worker.c:524
#26 0x0000000000891ba4 in TmThreadsSlotVarRun (tv=0x16894e0, p=0x7fffe8197260, slot=0x2660bf0) at tm-threads.c:117
#27 0x00000000008967c6 in TmThreadsSlotVar (td=0x16894e0) at tm-threads.c:452
#28 0x00007ffff6bc46db in start_thread (arg=0x7fffee9f9700) at pthread_create.c:463
#29 0x00007ffff42aca3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
(gdb) f 9
#9  0x0000000000ba154b in suricata::dcerpc::dcerpc::DCERPCState::handle_common_stub (self=0x7fffe0364c60, input=..., bytes_consumed=0, dir=8) at src/dcerpc/dcerpc.rs:829
829                     parsed -= input_left;
(gdb) p parsed
$1 = 5816
(gdb) p input_left
$2 = 5832
Actions #1

Updated by Shivani Bhardwaj about 2 years ago

  • Status changed from Assigned to In Review
Actions #3

Updated by Victor Julien almost 2 years ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF