Bug #4134

closed

Segmentation fault on rule reload when using libmagic

Added by Jeff Lucovsky over 3 years ago. Updated over 3 years ago.

Status: Rejected
Priority: Normal
Target version:
Affected Versions:
Effort: medium
Difficulty: medium
Label:

Description

If libmagic is enabled and there are signatures using libmagic, rule reloading causes a segmentation fault on the next file matching the rule.
This is due to an improper reinitialization of the thread contexts.
Attached are a sample stack trace and a sample rule file.


Files

stack_trace (52.8 KB), Angelo Mirabella, 05/26/2020 04:48 PM
test.rules (1.18 KB), Angelo Mirabella, 05/26/2020 04:50 PM
suricata_testcase.zip (178 KB), Angelo Mirabella, 05/28/2020 10:54 PM
build-info.txt (3.82 KB), Angelo Mirabella, 05/28/2020 10:55 PM

Related issues 1 (0 open, 1 closed)

Copied from Suricata - Bug #3726: Segmentation fault on rule reload when using libmagic - Closed - Angelo Mirabella

#1

Updated by Jeff Lucovsky over 3 years ago

  • Copied from Bug #3726: Segmentation fault on rule reload when using libmagic added

#2

Updated by Shivani Bhardwaj over 3 years ago

  • Status changed from Assigned to Rejected

This issue is irreproducible on 4.1.x.
I did the following steps:
1. Started Suricata in pcap mode on my network interface
2. Reloaded rules with suricatasc
3. Replayed the pcap using tcpreplay

I tried this on commit ea15282f4, i.e. the commit prior to its fix in master, and was able to reproduce the segfault. After including the fix, the segfault disappeared.
On 4.1.x latest, this issue is not reproducible. Rule reload happens fine. No segfault was observed.
