Bug #76: Processing the attached pcap causes a Segv inside of AppLayerHandleMsg at exit

Added by Will Metcalf about 16 years ago. Updated about 16 years ago.

Status: Closed
Priority: Normal

Description

ulimit -c unlimited; src/suricata -c suricata.yaml -r ./tcpdump-5of8-fuzz-2010-01-28-05-27-16-1 -l ./
...
[424] 28/1/2010 -- 07:32:41 - (alert-fastlog.c:231) <Info> (AlertFastLogInitCtx) -- Fast log output registered, filename: fast.log
[424] 28/1/2010 -- 07:32:41 - (tm-threads.c:1141) <Info> (TmThreadWaitOnThreadInit) -- all 6 packet processing threads, 3 management threads initialized, engine started.
ReceivePcap: code 0 error - (ReceivePcapFile) Packets 46, bytes 26804.
[424] 28/1/2010 -- 07:32:41 - (suricata.c:700) <Info> (main) -- signal received
[424] 28/1/2010 -- 07:32:41 - (suricata.c:703) <Info> (main) -- SIGINT or EngineStop received
Segmentation fault (core dumped)

#0 0x000000000049a47d in AppLayerHandleMsg (dp_ctx=0x7ffab80008b8, smsg=0x7ffab8d49160) at app-layer-detect-proto.c:359
359 TcpSession *ssn = smsg->flow->protoctx;
(gdb) bt full
#0 0x000000000049a47d in AppLayerHandleMsg (dp_ctx=0x7ffab80008b8, smsg=0x7ffab8d49160) at app-layer-detect-proto.c:359
alproto = 0
r = 0
ssn = 0x7ffab8cfd010
#1 0x000000000048eb8c in StreamTcpReassembleProcessAppLayer (ra_ctx=0x7ffab80008b0) at stream-tcp-reassemble.c:1523
smsg = 0x7ffab8d49160
r = 0
#2 0x000000000048a00c in StreamTcpPacket (tv=0x25cc510, p=0x22c7730, stt=0x28f17d0) at stream-tcp.c:2407
ssn = 0x7ffab8cfd010
#3 0x000000000048a0a6 in StreamTcp (tv=0x25cc510, p=0x22c7730, data=0x28f17d0, pq=0x25cc610) at stream-tcp.c:2425
stt = 0x28f17d0
ret = TM_ECODE_OK
#4 0x000000000047bda8 in TmThreadsSlot1 (td=0x25cc510) at tm-threads.c:325
tv = 0x25cc510
s = 0x25cc5e0
p = 0x22c7730
run = 1 '\001'
r = TM_ECODE_OK
#5 0x00007ffabeea1a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
__res = <value optimized out>
pd = 0x7ffabd1c1910
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140714891286800, -1255621217088961140, 140735213154592, 0, 0, 3, 1253787540055917964, 1253793947888387468}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#6 0x00007ffabe7bc80d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#7 0x0000000000000000 in ?? ()
No symbol table info available.
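The backtrace shows the fault at app-layer-detect-proto.c:359, where `smsg->flow->protoctx` is dereferenced while a queued stream message is still being processed during engine shutdown. The following is an added, constructed model of that pattern; it is not Suricata's code and not the attached patch (whose content is not shown on this page). It assumes the faulting condition is a message whose `flow` pointer is NULL (or whose flow no longer carries a session) by the time the handler runs, and shows the guard a reviewer would expect beside the unguarded shape of the crashing line. The struct names are stand-ins, not the real Suricata definitions.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the Flow / TcpSession / StreamMsg relationship
   (hypothetical simplifications, not Suricata's real structs). */
typedef struct { int state; } TcpSession;
typedef struct { TcpSession *protoctx; } Flow;
typedef struct { Flow *flow; size_t data_len; } StreamMsg;

enum { HANDLE_OK = 0, HANDLE_NO_FLOW = -1, HANDLE_NO_SESSION = -2 };

/* Unguarded handler with the same shape as the faulting line
   'TcpSession *ssn = smsg->flow->protoctx;': if smsg->flow is NULL this
   reads through a null pointer and the process segfaults. */
int handle_msg_unguarded(StreamMsg *smsg) {
    TcpSession *ssn = smsg->flow->protoctx;
    return ssn->state;
}

/* Guarded variant: validate each link of the chain before use and report
   which one was missing, so a shutdown path can skip stale messages. */
int handle_msg_guarded(StreamMsg *smsg, int *state_out) {
    if (smsg == NULL || smsg->flow == NULL)
        return HANDLE_NO_FLOW;
    TcpSession *ssn = smsg->flow->protoctx;
    if (ssn == NULL)
        return HANDLE_NO_SESSION;
    *state_out = ssn->state;
    return HANDLE_OK;
}

/* Drain a queue the way a stop path would: process what is still attached
   to a live flow and count what had to be skipped. Returns the number processed. */
int drain_queue(StreamMsg *msgs, size_t n, int *skipped) {
    int processed = 0;
    *skipped = 0;
    for (size_t i = 0; i < n; i++) {
        int st;
        if (handle_msg_guarded(&msgs[i], &st) == HANDLE_OK)
            processed++;
        else
            (*skipped)++;
    }
    return processed;
}

/* Constructed sample: one healthy message, one whose flow was already
   released (NULL), one whose flow has no TCP session. Returns processed count. */
int run_demo(int *skipped) {
    static TcpSession ssn = { .state = 7 };
    static Flow live_flow = { .protoctx = &ssn };
    static Flow flow_without_session = { .protoctx = NULL };
    StreamMsg queue[3] = {
        { .flow = &live_flow,            .data_len = 120 },
        { .flow = NULL,                  .data_len = 40  },
        { .flow = &flow_without_session, .data_len = 16  },
    };
    return drain_queue(queue, 3, skipped);
}

int main(void) {
    int skipped;
    int processed = run_demo(&skipped);
    printf("processed=%d skipped=%d\n", processed, skipped);
    return 0;
}
```

The point of the model is that the unguarded handler is only safe if every message in the queue is guaranteed to outlive its flow; once a stop signal lets flows be released while messages are still queued, the guarded form (or a drain that unlinks messages before freeing flows) is what prevents the crash.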


Files

tcpdump-5of8-fuzz-2010-01-28-05-27-16-1 (26.9 KB) - pcap causes segv inside of AppLayerHandleMsg at exit - Will Metcalf, 01/28/2010 07:26 AM
0001-bug-76-patch.patch (4.91 KB) - Gurvinder Singh, 01/28/2010 10:53 AM

Updated by Gurvinder Singh about 16 years ago (#1)

pcap will ??

Updated by Gurvinder Singh about 16 years ago (#3)

Here is the patch, which solves the issue and includes a unit test too, for testing the same case in the future.

Updated by Victor Julien about 16 years ago (#4)

  • Status changed from Resolved to Closed

Patch applied, thanks Gurvinder.
