Bug #7176
Status: closed
ldap: crash when encountering GAP
Description
Parser claims to support GAPs, however crashes when receiving one
Thread 53 "W#51" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffdb17fa640 (LWP 17428)]
asn1_rs::ber::parser::parse_identifier (i=...) at src/ber/parser.rs:119
119 let mut c = u32::from(i[0] & 0b0001_1111);
(gdb) bt
#0 asn1_rs::ber::parser::parse_identifier (i=...) at src/ber/parser.rs:119
#1 0x0000555555ba623b in asn1_rs::header::{impl#3}::from_ber (bytes=...) at src/header.rs:229
#2 0x0000555555bad23a in asn1_rs::asn1_types::any::{impl#2}::from_ber (bytes=...) at src/asn1_types/any.rs:325
#3 0x0000555555cefa7f in asn1_rs::traits::{impl#4}::from_ber<asn1_rs::asn1_types::sequence::Sequence, asn1_rs::error::Error> (bytes=...) at /home/victor/.cargo/registry/src/index.crates.io-6f17d22bba15001f/asn1-rs-0.6.1/src/traits.rs:95
#4 asn1_rs::asn1_types::sequence::Sequence::from_ber_and_then<ldap_parser::ldap::LdapMessage, ldap_parser::parser::{impl#5}::from_ber::{closure_env#0}, ldap_parser::error::LdapError> (bytes=..., op=...) at /home/victor/.cargo/registry/src/index.crates.io-6f17d22bba15001f/asn1-rs-0.6.1/src/asn1_types/sequence.rs:111
#5 0x0000555555b29b19 in ldap_parser::parser::{impl#5}::from_ber (bytes=...) at src/parser.rs:232
#6 0x0000555555a49a9d in suricata::ldap::types::ldap_parse_msg (input=...) at src/ldap/types.rs:644
#7 suricata::ldap::ldap::LdapState::parse_response (self=0x7ffd64f02580, input=...) at src/ldap/ldap.rs:200
#8 suricata::ldap::ldap::SCLdapParseResponse (_flow=<optimized out>, state=0x7ffd64f02580, pstate=<optimized out>, stream_slice=..., _data=<optimized out>) at src/ldap/ldap.rs:337
#9 0x00005555556e6066 in AppLayerParserParse (tv=0x5555571aa170, alp_tctx=0x7ffd64df67f0, f=0x7ffd64f55c90, alproto=30, flags=24 '\030', input=0x0, input_len=14400) at app-layer-parser.c:1363
#10 0x00005555556ca088 in AppLayerHandleTCPData (tv=0x5555571aa170, ra_ctx=0x7ffd64df10c0, p=0x7ffff0c279d0, f=0x7ffd64f55c90, ssn=0x7ffd64ecc870, stream=0x7ffdb17f8ef8, data=0x0, data_len=14400, flags=24 '\030', app_update_dir=UPDATE_DIR_OPPOSING) at app-layer.c:752
Quick fixup seems to fix it up:
diff --git a/rust/src/ldap/ldap.rs b/rust/src/ldap/ldap.rs
index 0817b4c9f..d696ca10a 100644
--- a/rust/src/ldap/ldap.rs
+++ b/rust/src/ldap/ldap.rs
@@ -402,7 +402,7 @@ pub unsafe extern "C" fn rs_ldap_register_parser() {
get_tx_data: SCLdapGetTxData,
get_state_data: SCLdapGetStateData,
apply_tx_config: None,
- flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
+ flags: 0,//APP_LAYER_PARSER_OPT_ACCEPT_GAPS,
get_frame_id_by_name: None,
get_frame_name_by_id: None,
};
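Review bot: On the changed flags line, `0,//APP_LAYER_PARSER_OPT_ACCEPT_GAPS` leaves the old value behind as commented-out code with no explanation. Suggest a plain `flags: 0,` with a short comment (or a TODO pointing at this ticket) stating that the LDAP parser does not handle gaps yet, so the flag is not restored later without first adding a gap check in the parse functions; the backtrace shows the gap arriving as input=0x0 with input_len=14400 and being handed on to ldap_parse_msg.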
Updated by Giuseppe Longo 5 months ago
Right, GAPs are not supported atm and must not be accepted.
I'll send a PR with this change.
Updated by Victor Julien 5 months ago
- Related to Bug #7193: ldap: parser does not accept gaps yet added
Updated by Philippe Antoine 5 months ago
Found by oss-fuzz as https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70672&q=label%3AProj-suricata
Updated by Philippe Antoine 5 months ago
- Status changed from Assigned to In Review
https://github.com/OISF/suricata/pull/11582 has one commit to solve this
Updated by Giuseppe Longo 5 months ago
- Status changed from In Review to Closed
Merged PR: https://github.com/OISF/suricata/pull/11612
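The failure mode behind this ticket, as an added example that is not Suricata's code and not part of the ticket: the backtrace shows the gap reaching the parser as a NULL pointer with a non-zero length (frame #9: input=0x0, input_len=14400), so a parser that accepts gaps has to check for one before reading any byte. `StreamSlice`, `ParseResult` and `parse_response` below are simplified stand-ins assumed for illustration.

```rust
// Added example: a simplified model, not Suricata's code. This `StreamSlice`
// stands in for the (pointer, length) pair seen in the backtrace.
use std::slice;

pub struct StreamSlice {
    input: *const u8,
    input_len: u32,
}

#[derive(Debug, PartialEq)]
pub enum ParseResult {
    Parsed { tag: u32 },
    Gap { missing: u32 },
    Incomplete,
}

impl StreamSlice {
    /// A gap is signalled as a NULL pointer with a non-zero length
    /// (frame #9 in the backtrace: input=0x0, input_len=14400).
    pub fn is_gap(&self) -> bool {
        self.input.is_null() && self.input_len > 0
    }

    /// Only build a Rust slice when there is real data behind the pointer.
    pub fn as_slice(&self) -> &[u8] {
        if self.input.is_null() || self.input_len == 0 {
            return &[];
        }
        unsafe { slice::from_raw_parts(self.input, self.input_len as usize) }
    }
}

/// Hypothetical response handler: check for a gap before touching any byte.
pub fn parse_response(s: &StreamSlice) -> ParseResult {
    if s.is_gap() {
        return ParseResult::Gap { missing: s.input_len };
    }
    match s.as_slice().first() {
        // Low five bits of the first identifier octet, as in parse_identifier.
        Some(b) => ParseResult::Parsed { tag: u32::from(b & 0b0001_1111) },
        None => ParseResult::Incomplete,
    }
}

fn main() {
    let gap = StreamSlice { input: std::ptr::null(), input_len: 14400 }; // constructed input
    println!("{:?}", parse_response(&gap));
}
```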