Bug #4972 (Closed): Null dereference in ConfigApplyTx
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43733
Reproducer is with rule alert ip any any -> any any (config:logging disable,type tx,scope tx;sid:1;) and with lolc.pcap
Stack trace is:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==47909==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000026 (pc 0x000103aad24a bp 0x700006d33980 sp 0x700006d33930 T2)
==47909==The signal is caused by a READ memory access.
==47909==Hint: address points to the zero page.
    #0 0x103aad24a in ConfigApplyTx detect-config.c:92
    #1 0x103aad1c2 in ConfigApply detect-config.c:136
    #2 0x103aac742 in DetectConfigPostMatch detect-config.c:149
    #3 0x103b05cd1 in IPOnlyMatchPacket detect-engine-iponly.c:1110
    #4 0x103aa407d in DetectRunInspectIPOnly detect.c:557
    #5 0x103aa352a in DetectRun detect.c:118
    #6 0x103aa3143 in DetectNoFlow detect.c:1573
    #7 0x103aa2975 in Detect detect.c:1633
    #8 0x103c00756 in FlowWorker flow-worker.c:551
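The stack trace shows an IP-only rule matching on the DetectNoFlow path, where there is no flow and no transaction for a tx-scoped config action to operate on. The following is an added, simplified C model of that failure and its guard; it is not Suricata's code, and every type and function name in it is an assumption chosen for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Added example, not Suricata's code: a minimal model of a packet, a flow
 * and a transaction, with the "config" post-match action applied at tx scope. */
enum ConfigScope { CONFIG_SCOPE_PACKET, CONFIG_SCOPE_FLOW, CONFIG_SCOPE_TX };

typedef struct Tx { bool logging_disabled; } Tx;
typedef struct Flow { Tx *tx; } Flow;          /* tx is NULL when no app-layer tx exists */
typedef struct Packet { Flow *flow; } Packet;  /* flow is NULL on the no-flow path */
typedef struct ConfigData { enum ConfigScope scope; } ConfigData;

/* Unchecked variant mirroring the crash: the transaction is dereferenced
 * even though an IP-only match on a flowless packet never provides one. */
int ConfigApplyTxUnchecked(Flow *f, const ConfigData *cd) {
    (void)cd;
    f->tx->logging_disabled = true;   /* SEGV near address 0 when f or f->tx is NULL */
    return 1;
}

/* Guarded variant: tx-scoped config is applied only when the packet carries
 * a flow and that flow carries a transaction. Returns 1 if applied, 0 if skipped. */
int ConfigApplyTxChecked(const Packet *p, const ConfigData *cd) {
    if (cd->scope != CONFIG_SCOPE_TX)
        return 0;
    if (p->flow == NULL || p->flow->tx == NULL)
        return 0;                     /* no transaction: nothing to configure */
    p->flow->tx->logging_disabled = true;
    return 1;
}

/* Drives the guarded path for a flowless packet (the IP-only case) and for
 * a packet whose flow has a transaction; returns how many times it applied. */
int DemoConfigApply(void) {
    ConfigData cd = { CONFIG_SCOPE_TX };
    Packet noflow = { NULL };         /* constructed: the DetectNoFlow situation */
    Tx tx = { false };
    Flow f = { &tx };
    Packet withflow = { &f };         /* constructed: a packet with a tx */
    int applied = ConfigApplyTxChecked(&noflow, &cd);   /* 0: skipped safely */
    applied += ConfigApplyTxChecked(&withflow, &cd);    /* 1: tx marked */
    return applied;
}
```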
Updated by Jeff Lucovsky almost 3 years ago
- Copied to Bug #5003: Null dereference in ConfigApplyTx added
Updated by Jeff Lucovsky almost 3 years ago
- Copied to Bug #5004: Null dereference in ConfigApplyTx added
Updated by Philippe Antoine almost 3 years ago
- Status changed from New to In Review
Updated by Philippe Antoine almost 3 years ago
- Status changed from In Review to Closed
Updated by Philippe Antoine almost 3 years ago
- Status changed from Closed to In Review
https://github.com/OISF/suricata/pull/7126 to complete
Updated by Philippe Antoine over 2 years ago
Continued in https://github.com/OISF/suricata/pull/7180
Updated by Philippe Antoine over 2 years ago
- Status changed from In Review to Closed
Finally solved with https://github.com/OISF/suricata/pull/7191
Updated by Philippe Antoine over 2 years ago
- Status changed from Closed to In Review
Another fix https://github.com/OISF/suricata/pull/7220 for another variant https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44906
Updated by Philippe Antoine over 2 years ago
- Status changed from In Review to Closed
Updated by Victor Julien over 2 years ago
Git hashes: c3a220647b31b453b0fc14ecfb028defad2778dc
00da0d3420fd6ebbdbe7990b26eebf7650856eca
0cba561fecffe93596d38691561d4316c3b8efb2
dccf2e4c30b968477d9cc7e7a86b64b97893831c
Updated by Victor Julien about 2 years ago
- Private changed from Yes to No
- Label deleted (Needs backport, Needs backport to 5.0, Needs backport to 6.0)