Project

General

Profile

Actions

Bug #4797

closed

pcre2 crash in multi-tenant

Added by Jeff Lucovsky about 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Note: this issue has been created as a private issue -- I think we can remove the private setting since this is not traffic induced.

When configuring Suricata 7.x/master with multi-tenants, a SIGSEGV occurs:

[3076103] 30/10/2021 -- 11:11:22 - (detect-reference.c:142) <Warning> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "bid" 
    #0 0x7ff765683c5a in memcpy (/lib/x86_64-linux-gnu/libc.so.6+0xbec5a)
    #1 0x7ff76638636e  (/lib/x86_64-linux-gnu/libasan.so.5+0x9b36e)
    #2 0x7ff76603c9ca in pcre2_substring_copy_bynumber_8 (/lib/x86_64-linux-gnu/libpcre2-8.so.0+0x649ca)
    #3 0x56074d7f8f1b in SCClassConfAddClasstype /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:264
    #4 0x56074d7f965c in SCClassConfParseFile /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:358
    #5 0x56074d7f9e85 in SCClassConfLoadClassficationConfigFile /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:541
    #6 0x56074db5c026 in DetectEngineCtxInitReal /home/jlucovsky/src/jal/suricata/src/detect-engine.c:1994
    #7 0x56074db5c21b in DetectEngineCtxInitWithPrefix /home/jlucovsky/src/jal/suricata/src/detect-engine.c:2033
    #8 0x56074db63359 in DetectEngineMultiTenantLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3287
    #9 0x56074db63baf in DetectLoaderFuncLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3380
    #10 0x56074dba465d in DetectLoader /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:593
    #11 0x56074d7dffc7 in TmThreadsManagement /home/jlucovsky/src/jal/suricata/src/tm-threads.c:552
    #12 0x7ff766095608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #13 0x7ff7656e7292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0xbec5a) in memcpy
Thread T1 (DL#01) created by T0 (Suricata-Main) here:
    #0 0x7ff766325805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x56074d7e53e9 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1733
    #2 0x56074dba4b94 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:635
    #3 0x56074db65073 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3597
    #4 0x56074d7d3e8b in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2333
    #5 0x56074d7d5eb5 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2787
    #6 0x56074d7c7cfb in main /home/jlucovsky/src/jal/suricata/src/main.c:22
    #7 0x7ff7655ec0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

==3076088==ABORTING

The same configuration does not crash with master-6.0.x

I've attached the configuration files that I'm using -- they contain pathnames that will require modification

Add include: /path/to/tenant.haml to suricata.yaml


Files

tenant-1.yaml (1.46 KB) tenant-1.yaml Jeff Lucovsky, 10/30/2021 03:14 PM
tenant-2.yaml (1.46 KB) tenant-2.yaml Jeff Lucovsky, 10/30/2021 03:14 PM
tenant.yaml (336 Bytes) tenant.yaml Jeff Lucovsky, 10/30/2021 03:14 PM

Related issues 2 (0 open2 closed)

Related to Suricata - Bug #6047: detect: multi-tenancy crashRejectedJeff LucovskyActions
Related to Suricata - Bug #6247: pcre: parsing crash in multi-tenant multi-loader setupClosedVictor JulienActions
Actions #1

Updated by Jeff Lucovsky over 1 year ago

  • Related to Bug #6047: detect: multi-tenancy crash added
Actions #2

Updated by Jeff Lucovsky over 1 year ago

Note: the crash does not occur when only 1 tenant is configured or the loaders count is 1.

Actions #3

Updated by Philippe Antoine over 1 year ago

  • Target version set to 7.0.0
Actions #4

Updated by Philippe Antoine over 1 year ago

  • Assignee set to Jeff Lucovsky
Actions #5

Updated by Victor Julien over 1 year ago

  • Target version changed from 7.0.0 to 7.0.1
Actions #6

Updated by Victor Julien over 1 year ago

  • Description updated (diff)
Actions #7

Updated by Victor Julien over 1 year ago

  • Status changed from New to In Progress
  • Target version changed from 7.0.1 to 7.0.0
Actions #8

Updated by Victor Julien over 1 year ago

  • Status changed from In Progress to Closed
  • Private changed from Yes to No
Actions #9

Updated by Victor Julien over 1 year ago

  • Related to Bug #6247: pcre: parsing crash in multi-tenant multi-loader setup added
Actions

Also available in: Atom PDF