Actions
Bug #5834
closedtcp/regions: list corruption
Affected Versions:
Effort:
Difficulty:
Label:
Description
suricata: util-streaming-buffer.c:959: void Validate(const StreamingBuffer *): Assertion `!(bail)' failed. --Type <RET> for more, q to quit, c to continue without paging-- Thread 57 "W#55" received signal SIGABRT, Aborted. [Switching to Thread 0x7fffd0728700 (LWP 1707941)] __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 50 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007ffff6a91859 in __GI_abort () at abort.c:79 #2 0x00007ffff6a91729 in __assert_fail_base (fmt=0x7ffff6c27588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x126c9c0 <str> "!(bail)", file=0x126b580 <str> "util-streaming-buffer.c", line=959, function=<optimized out>) at assert.c:92 #3 0x00007ffff6aa2fd6 in __GI___assert_fail (assertion=0x126c9c0 <str> "!(bail)", file=0x126b580 <str> "util-streaming-buffer.c", line=959, function=0x126c860 <__PRETTY_FUNCTION__.Validate> "void Validate(const StreamingBuffer *)") at assert.c:101 #4 0x0000000000b8525e in Validate (sb=0x61200304ef88) at util-streaming-buffer.c:959 #5 0x0000000000b75c2c in ListRegions (sb=0x61200304ef88) at util-streaming-buffer.c:999 #6 0x0000000000b7b9b8 in StreamingBufferInsertAt
Introduced in rc1, no backport needed.
Files
Updated by Philippe Antoine almost 2 years ago
- File repro.pcap repro.pcap added
Reproducer works with fuzzing configuration
%YAML 1.1 --- pcap-file: checksum-checks: no stream: checksum-validation: no midstream: true outputs: - fast: enabled: yes filename: /dev/null - eve-log: enabled: yes filetype: regular filename: /dev/null xff: enabled: yes mode: extra-data deployment: reverse header: X-Forwarded-For types: - alert: payload: yes payload-printable: yes packet: yes metadata: yes http-body: yes http-body-printable: yes tagged-packets: yes - anomaly: enabled: yes types: decode: yes stream: yes applayer: yes packethdr: yes - http: extended: yes dump-all-headers: both - dns - tls: extended: yes session-resumption: yes - files - smtp: extended: yes - dnp3 - ftp - rdp - nfs - smb - tftp - ike - krb5 - snmp - rfb - sip - dhcp: enabled: yes extended: yes - ssh - pgsql - flow - netflow - metadata - http-log: enabled: yes filename: /dev/null extended: yes - tls-log: enabled: yes filename: /dev/null extended: yes - file-store: version: 2 enabled: yes force-filestore: yes app-layer: protocols: rdp: enabled: yes template: enabled: yes template-rust: enabled: yes modbus: enabled: yes detection-ports: dp: 502 dnp3: enabled: yes detection-ports: dp: 20000 enip: enabled: yes detection-ports: dp: 44818 sip: enabled: yes ssh: enabled: yes hassh: yes mqtt: enabled: yes pgsql: enabled: yes http2: enabled: yes quic: enabled: yes
./src/suricata -c fuzz.yaml -k none -r repro.pcap
gets me to Assertion failed: (!(bail)), function Validate, file util-streaming-buffer.c, line 959.
Updated by Philippe Antoine almost 2 years ago
Found by oss-fuzz as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55574&q=label%3AProj-suricata
Updated by Victor Julien almost 2 years ago
- Status changed from In Progress to Closed
Updated by Philippe Antoine almost 2 years ago
- File repro.pcap repro.pcap added
- Status changed from Closed to Assigned
oss-fuzz issue is still open
Still reproducing locally with config file
%YAML 1.1 --- stream: midstream: true
and attached file
suricata -r repro.pcap -c src/tests/fuzz/conf.yaml -k none
Updated by Philippe Antoine over 1 year ago
- Priority changed from Normal to High
@Victor Julien are you in this one ?
Updated by Victor Julien over 1 year ago
- Related to Bug #6041: ASSERT: !(sb->region.buf_offset != 0) added
Updated by Victor Julien over 1 year ago
- Related to Bug #6066: Memory Corruption in util-streaming-buffer added
Updated by Victor Julien over 1 year ago
- Status changed from Assigned to Closed
- Priority changed from High to Normal
Actions