Bug #5834

closed

tcp/regions: list corruption

Added by Victor Julien about 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

suricata: util-streaming-buffer.c:959: void Validate(const StreamingBuffer *): Assertion `!(bail)' failed.
--Type <RET> for more, q to quit, c to continue without paging--

Thread 57 "W#55" received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffd0728700 (LWP 1707941)]
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50      ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff6a91859 in __GI_abort () at abort.c:79
#2  0x00007ffff6a91729 in __assert_fail_base (fmt=0x7ffff6c27588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x126c9c0 <str> "!(bail)", file=0x126b580 <str> "util-streaming-buffer.c", line=959, 
    function=<optimized out>) at assert.c:92
#3  0x00007ffff6aa2fd6 in __GI___assert_fail (assertion=0x126c9c0 <str> "!(bail)", file=0x126b580 <str> "util-streaming-buffer.c", line=959, 
    function=0x126c860 <__PRETTY_FUNCTION__.Validate> "void Validate(const StreamingBuffer *)") at assert.c:101
#4  0x0000000000b8525e in Validate (sb=0x61200304ef88) at util-streaming-buffer.c:959
#5  0x0000000000b75c2c in ListRegions (sb=0x61200304ef88) at util-streaming-buffer.c:999
#6  0x0000000000b7b9b8 in StreamingBufferInsertAt 

Introduced in rc1, no backport needed.
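As an added illustration of the kind of invariant the Validate() frame in the backtrace enforces over the region list, here is a hypothetical, simplified model written for this note; it is not Suricata's util-streaming-buffer.c, and the Region struct, RegionListValidate() and SampleListStatus() are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Hypothetical, simplified model of a streaming-buffer region list
 * (not Suricata's own code): each region covers the stream range
 * [stream_offset, stream_offset + buf_size) and regions are linked in
 * ascending stream_offset order. Only buf_offset is named on the page
 * (sb->region.buf_offset); the other fields are assumptions. */
typedef struct Region {
    uint64_t stream_offset;   /* stream position where this region starts */
    uint32_t buf_offset;      /* bytes actually filled in this region */
    uint32_t buf_size;        /* capacity of this region */
    struct Region *next;      /* next region, must start after this one */
} Region;

/* Returns 0 when the list satisfies its invariants, otherwise the
 * 1-based index of the first region violating one. This plays the role
 * of the Validate() assertion in the backtrace: an over-filled region,
 * an out-of-order link, or two overlapping regions all mean the list
 * has been corrupted and further inserts would write into the wrong
 * memory. */
int RegionListValidate(const Region *head)
{
    int idx = 0;
    for (const Region *r = head; r != NULL; r = r->next) {
        idx++;
        if (r->buf_offset > r->buf_size)
            return idx;                       /* over-filled region */
        if (r->next != NULL) {
            if (r->next->stream_offset < r->stream_offset)
                return idx;                   /* list out of order */
            if (r->stream_offset + r->buf_size > r->next->stream_offset)
                return idx;                   /* regions overlap */
        }
    }
    return 0;
}

/* Constructed sample: a sane 3-region list, then the same list with the
 * middle region widened so that its range overlaps its successor. */
int SampleListStatus(bool corrupt)
{
    Region r3 = { .stream_offset = 2000, .buf_offset = 100, .buf_size = 512, .next = NULL };
    Region r2 = { .stream_offset = 1000, .buf_offset = 512, .buf_size = 512, .next = &r3 };
    Region r1 = { .stream_offset = 0,    .buf_offset = 300, .buf_size = 512, .next = &r2 };
    if (corrupt)
        r2.buf_size = 1500;   /* 1000 + 1500 > 2000: overlaps r3 */
    return RegionListValidate(&r1);
}
```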


Files

repro.pcap (550 Bytes) repro.pcap Philippe Antoine, 02/02/2023 04:55 PM
repro.pcap (550 Bytes) repro.pcap Philippe Antoine, 03/16/2023 04:13 PM

Related issues: 2 (0 open, 2 closed)

Related to Suricata - Bug #6041: ASSERT: !(sb->region.buf_offset != 0) (Closed, Victor Julien)
Related to Suricata - Bug #6066: Memory Corruption in util-streaming-buffer (Closed, Victor Julien)
#1

Updated by Victor Julien about 1 year ago

  • Description updated (diff)
#2

Updated by Philippe Antoine about 1 year ago

Reproducer works with fuzzing configuration

%YAML 1.1
---
pcap-file:
  checksum-checks: no

stream:
  checksum-validation: no
  midstream: true
outputs:
  - fast:
      enabled: yes
      filename: /dev/null
  - eve-log:
      enabled: yes
      filetype: regular
      filename: /dev/null
      xff:
        enabled: yes
        mode: extra-data
        deployment: reverse
        header: X-Forwarded-For
      types:
        - alert:
            payload: yes
            payload-printable: yes
            packet: yes
            metadata: yes
            http-body: yes
            http-body-printable: yes
            tagged-packets: yes
        - anomaly:
            enabled: yes
            types:
              decode: yes
              stream: yes
              applayer: yes
            packethdr: yes
        - http:
            extended: yes
            dump-all-headers: both
        - dns
        - tls:
            extended: yes
            session-resumption: yes
        - files
        - smtp:
            extended: yes
        - dnp3
        - ftp
        - rdp
        - nfs
        - smb
        - tftp
        - ike
        - krb5
        - snmp
        - rfb
        - sip
        - dhcp:
            enabled: yes
            extended: yes
        - ssh
        - pgsql
        - flow
        - netflow
        - metadata
  - http-log:
      enabled: yes
      filename: /dev/null
      extended: yes
  - tls-log:
      enabled: yes
      filename: /dev/null
      extended: yes
  - file-store:
      version: 2
      enabled: yes
      force-filestore: yes
app-layer:
  protocols:
    rdp:
      enabled: yes
    template:
      enabled: yes
    template-rust:
      enabled: yes
    modbus:
      enabled: yes
      detection-ports:
        dp: 502
    dnp3:
      enabled: yes
      detection-ports:
        dp: 20000
    enip:
      enabled: yes
      detection-ports:
        dp: 44818
    sip:
      enabled: yes
    ssh:
      enabled: yes
      hassh: yes
    mqtt:
      enabled: yes
    pgsql:
      enabled: yes
    http2:
      enabled: yes
    quic:
      enabled: yes

./src/suricata -c fuzz.yaml -k none -r repro.pcap gets me to Assertion failed: (!(bail)), function Validate, file util-streaming-buffer.c, line 959.

#4

Updated by Victor Julien about 1 year ago

  • Status changed from In Progress to Closed
#5

Updated by Philippe Antoine about 1 year ago

oss-fuzz issue is still open

Still reproducing locally with config file

%YAML 1.1
---

stream:
  midstream: true

and attached file

suricata -r repro.pcap -c src/tests/fuzz/conf.yaml -k none

#6

Updated by Philippe Antoine 11 months ago

  • Priority changed from Normal to High

@Victor Julien are you in this one?

#7

Updated by Victor Julien 11 months ago

  • Related to Bug #6041: ASSERT: !(sb->region.buf_offset != 0) added
#8

Updated by Victor Julien 11 months ago

  • Related to Bug #6066: Memory Corruption in util-streaming-buffer added
#9

Updated by Victor Julien 10 months ago

  • Status changed from Assigned to Closed
  • Priority changed from High to Normal