Project

General

Profile

Actions

Bug #5003

closed

Null deference in ConfigApplyTx

Added by Jeff Lucovsky almost 3 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43733

Reproducer is with rule
alert ip any any -> any any (config:logging disable,type tx,scope tx;sid:1;)
and with lolc.pcap

Stack trace is

AddressSanitizer:DEADLYSIGNAL
=================================================================
==47909==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000026 (pc 0x000103aad24a bp 0x700006d33980 sp 0x700006d33930 T2)
==47909==The signal is caused by a READ memory access.
==47909==Hint: address points to the zero page.
    #0 0x103aad24a in ConfigApplyTx detect-config.c:92
    #1 0x103aad1c2 in ConfigApply detect-config.c:136
    #2 0x103aac742 in DetectConfigPostMatch detect-config.c:149
    #3 0x103b05cd1 in IPOnlyMatchPacket detect-engine-iponly.c:1110
    #4 0x103aa407d in DetectRunInspectIPOnly detect.c:557
    #5 0x103aa352a in DetectRun detect.c:118
    #6 0x103aa3143 in DetectNoFlow detect.c:1573
    #7 0x103aa2975 in Detect detect.c:1633
    #8 0x103c00756 in FlowWorker flow-worker.c:551


Files

lolc.pcap (80 Bytes) lolc.pcap Philippe Antoine, 01/17/2022 01:44 PM

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #4972: Null deference in ConfigApplyTxClosedPhilippe AntoineActions
Actions

Also available in: Atom PDF