Bug #4797
pcre2 crash in multi-tenant
Status: closed
Description
Note: this issue has been created as a private issue -- I think we can remove the private setting since this is not traffic induced.
When configuring Suricata 7.x/master with multi-tenants, a SIGSEGV occurs:
[3076103] 30/10/2021 -- 11:11:22 - (detect-reference.c:142) <Warning> (DetectReferenceParse) -- [ERRCODE: SC_ERR_REFERENCE_UNKNOWN(150)] - unknown reference key "bid"
    #0 0x7ff765683c5a in memcpy (/lib/x86_64-linux-gnu/libc.so.6+0xbec5a)
    #1 0x7ff76638636e (/lib/x86_64-linux-gnu/libasan.so.5+0x9b36e)
    #2 0x7ff76603c9ca in pcre2_substring_copy_bynumber_8 (/lib/x86_64-linux-gnu/libpcre2-8.so.0+0x649ca)
    #3 0x56074d7f8f1b in SCClassConfAddClasstype /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:264
    #4 0x56074d7f965c in SCClassConfParseFile /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:358
    #5 0x56074d7f9e85 in SCClassConfLoadClassficationConfigFile /home/jlucovsky/src/jal/suricata/src/util-classification-config.c:541
    #6 0x56074db5c026 in DetectEngineCtxInitReal /home/jlucovsky/src/jal/suricata/src/detect-engine.c:1994
    #7 0x56074db5c21b in DetectEngineCtxInitWithPrefix /home/jlucovsky/src/jal/suricata/src/detect-engine.c:2033
    #8 0x56074db63359 in DetectEngineMultiTenantLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3287
    #9 0x56074db63baf in DetectLoaderFuncLoadTenant /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3380
    #10 0x56074dba465d in DetectLoader /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:593
    #11 0x56074d7dffc7 in TmThreadsManagement /home/jlucovsky/src/jal/suricata/src/tm-threads.c:552
    #12 0x7ff766095608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
    #13 0x7ff7656e7292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0xbec5a) in memcpy
Thread T1 (DL#01) created by T0 (Suricata-Main) here:
    #0 0x7ff766325805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
    #1 0x56074d7e53e9 in TmThreadSpawn /home/jlucovsky/src/jal/suricata/src/tm-threads.c:1733
    #2 0x56074dba4b94 in DetectLoaderThreadSpawn /home/jlucovsky/src/jal/suricata/src/detect-engine-loader.c:635
    #3 0x56074db65073 in DetectEngineMultiTenantSetup /home/jlucovsky/src/jal/suricata/src/detect-engine.c:3597
    #4 0x56074d7d3e8b in PostConfLoadedDetectSetup /home/jlucovsky/src/jal/suricata/src/suricata.c:2333
    #5 0x56074d7d5eb5 in SuricataMain /home/jlucovsky/src/jal/suricata/src/suricata.c:2787
    #6 0x56074d7c7cfb in main /home/jlucovsky/src/jal/suricata/src/main.c:22
    #7 0x7ff7655ec0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

==3076088==ABORTING
The same configuration does not crash with master-6.0.x.
I've attached the configuration files that I'm using -- they contain pathnames that will require modification.
Add include: /path/to/tenant.haml to suricata.yaml