Bug #4680: nfs: failed assert self.tx_data.files_logged > 1 - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #4680

closed

nfs: failed assert self.tx_data.files_logged > 1

Added by Philippe Antoine over 2 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

7.0.0-beta1

Affected Versions:

6.0.3

Effort:

Difficulty:

Label:

Needs backport to 5.0, Needs backport to 6.0

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38467

This seems to be a generic bug for the rust file tracker implementation, trigger able by NFS

Files

nfs.pcap (1.4 KB) nfs.pcap

Philippe Antoine, 09/13/2021 09:23 AM

Related issues 2 (0 open — 2 closed)

Actions

Copy link

Updated by Philippe Antoine over 2 years ago

File nfs.pcap nfs.pcap added

Minimal pcap reproducer
./src/suricata -r nfs.pcap -c suricata.yaml -k none

Getting

thread '<unnamed>' panicked at 'Condition check failed', src/nfs/nfs.rs:220:9
stack backtrace:
   0: std::panicking::begin_panic
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/std/src/panicking.rs:543:12
   1: suricata_rust::nfs::nfs::NFSTransaction::free
             at ./rust/src/nfs/nfs.rs:220:9
   2: <suricata_rust::nfs::nfs::NFSTransaction as core::ops::drop::Drop>::drop
             at ./rust/src/nfs/nfs.rs:235:9
   3: core::ptr::drop_in_place<suricata_rust::nfs::nfs::NFSTransaction>
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:192:1
   4: core::ptr::drop_in_place<[suricata_rust::nfs::nfs::NFSTransaction]>
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:192:1
   5: <alloc::vec::Vec<T,A> as core::ops::drop::Drop>::drop
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/alloc/src/vec/mod.rs:2754:13
   6: core::ptr::drop_in_place<alloc::vec::Vec<suricata_rust::nfs::nfs::NFSTransaction>>
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:192:1
   7: core::ptr::drop_in_place<suricata_rust::nfs::nfs::NFSState>
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:192:1
   8: core::ptr::drop_in_place<alloc::boxed::Box<suricata_rust::nfs::nfs::NFSState>>
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/mod.rs:192:1
   9: core::mem::drop
             at /Users/catena/.rustup/toolchains/nightly-x86_64-apple-darwin/lib/rustlib/src/rust/library/core/src/mem/mod.rs:898:24
  10: rs_nfs_state_free
             at ./rust/src/nfs/nfs.rs:1400:5
  11: AppLayerParserStateProtoCleanup
             at ./src/app-layer-parser.c:1497:9
  12: AppLayerParserStateCleanup
             at ./src/app-layer-parser.c:1508:5
  13: FlowCleanupAppLayer
             at ./src/flow.c:147:5
  14: FlowClearMemory
             at ./src/flow.c:1082:5
  15: Recycler
             at ./src/flow-manager.c:655:5
  16: FlowRecycler
             at ./src/flow-manager.c:1200:13
  17: TmThreadsManagement
             at ./src/tm-threads.c:541:9
  18: __pthread_start
note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
fatal runtime error: failed to initiate panic, error 5
Abort trap: 6

Actions

Copy link