Actions
Security #6187
opendetect: handle allocation failures during rule reload
Added by Philippe Antoine over 2 years ago. Updated 11 days ago.
Affected Versions:
Label:
CVE:
Git IDs:
Severity:
MODERATE
Disclosure Date:
Description
Currently, we `BUG_ON` allocation failures
It looks plausible to run out of memory when trying to reload rules...
Found by nallocfuzz
Updated by Philippe Antoine over 2 years ago
- Copied from Security #5851: rust: handle allocation failures added
Updated by Philippe Antoine over 2 years ago
- Copied to Optimization #6188: ConfYamlLoadString: handle allocation failures added
Updated by Philippe Antoine about 2 years ago
- Priority changed from Normal to Low
Updated by Victor Julien over 1 year ago
- Status changed from New to Assigned
- Priority changed from Low to Normal
Updated by Philippe Antoine over 1 year ago
I think this one can be postponed after 8
Updated by Victor Julien 11 months ago
- Target version changed from 8.0.0-beta1 to 9.0.0-beta1
Additionally to handling the C asserts, we have the problem of Rust panic catching.
Updated by Victor Julien 4 months ago
- Subject changed from DetectEngineReload: handle allocation failures to detect: handle allocation failures during rule reload
Updated by Philippe Antoine about 2 months ago
- Status changed from Assigned to In Progress
Updated by Philippe Antoine about 2 months ago
- Blocked by Bug #8146: utils-spm-hs: missing deallocators on hs_compile failure added
Updated by Philippe Antoine 25 days ago
Updated by Philippe Antoine 11 days ago
So, nallocfuzz on fuzz_siginit with rust quickly trips on logging with its to_safe_cstring function
Updated by Philippe Antoine 11 days ago
And we trip on the std lib doing allocations with format!
#6 0x7f6e722a5858 in abort /build/glibc-B3wQXB/glibc-2.31/stdlib/abort.c:79:7
#7 0x562d5624f5d9 in std::sys::pal::unix::abort_internal::h2c8c5e618a5d893e /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/std/src/sys/pal/unix/mod.rs:368:14
#8 0x562d562509b8 in std::process::abort::h54ed4a3dab913a93 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/std/src/process.rs:2500:5
#9 0x562d56250751 in std::alloc::rust_oom::h3f57c0361440059a /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/std/src/alloc.rs:377:5
#10 0x562d5624f302 in __rustc::__rg_oom /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/std/src/alloc.rs:372:1
#11 0x562d56255618 in alloc::alloc::handle_alloc_error::rt_error::he18ac328611fcef0 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/alloc.rs:406:13
#12 0x562d56255618 in alloc::alloc::handle_alloc_error::h1a71ccc8de2526dc /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/alloc.rs:412:9
#13 0x562d562556e7 in alloc::raw_vec::handle_error::h44cc7051d170a168 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/raw_vec/mod.rs:792:38
#14 0x562d56d8e0e8 in alloc::raw_vec::RawVecInner$LT$A$GT$::with_capacity_in::h0c5609bb037d30b3 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/raw_vec/mod.rs:430:25
#15 0x562d56d8e0e8 in alloc::raw_vec::RawVec$LT$T$C$A$GT$::with_capacity_in::h7d69998492c5943b /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/raw_vec/mod.rs:190:20
#16 0x562d56d8e0e8 in alloc::vec::Vec$LT$T$C$A$GT$::with_capacity_in::hf1bca3175e785bdc /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/vec/mod.rs:958:20
#17 0x562d56d8e0e8 in alloc::vec::Vec$LT$T$GT$::with_capacity::he27be8a2bd161c4f /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/vec/mod.rs:520:9
#18 0x562d56d8e0e8 in alloc::string::String::with_capacity::hf0f787346c33b718 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/string.rs:488:23
#19 0x562d56d8e0e8 in alloc::fmt::format::format_inner::hfd79f8caa80769a9 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/fmt.rs:647:26
#20 0x562d56accab7 in alloc::fmt::format::_$u7b$$u7b$closure$u7d$$u7d$::h7415db4cb0b6c097 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/fmt.rs:654:34
#21 0x562d56accab7 in core::option::Option$LT$T$GT$::map_or_else::h8d16cf609f2066b0 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/option.rs:1272:21
#22 0x562d56accab7 in alloc::fmt::format::h12bc1d07fd0dc453 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/alloc/src/fmt.rs:654:19
#23 0x562d56accab7 in suricata::detect::requires::parse_requires::h4ae781a8a6227cbe /root/suricata/rust/src/debug.rs:149:21
#24 0x562d56accab7 in core::ops::function::FnOnce::call_once::hfa950d73fca0c4a1 /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/ops/function.rs:250:5
#25 0x562d56accab7 in core::result::Result$LT$T$C$E$GT$::and_then::h55b61f518876d21d /rustc/f8297e351a40c1439a467bbbb6879088047f50b3/library/core/src/result.rs:1486:22
#26 0x562d56accab7 in SCDetectCheckRequires /root/suricata/rust/src/detect/requires.rs:486:10
Actions