Bug #7636
closedtcp: assertion triggered in StreamTcpReassembleAppLayer
Description
Found by oss-fuzz:
https://issues.oss-fuzz.com/u/1/issues/407269999
fuzz_predefpcap_aware: stream-tcp-reassemble.c:1425: int StreamTcpReassembleAppLayer(ThreadVars *, TcpReassemblyThreadCtx *, TcpSession *, TcpStream *, Packet *, enum StreamUpdateDir): Assertion `!(((stream_flags & 2) == 0))' failed.
Regression range is https://github.com/OISF/suricata/compare/cd69955d7fca991d0ffc615f6ee7dce9dd20a3c5...834378ff887b3d6ac1903efb7a3e7164f593abd0
Reproducer is./src/suricata -c fuzz.yaml -k none -r lol2.pcap --disable-detection -l log --runmode=single
but this does not trigger on my other device...
Files
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-beta1 to 8.0.0-rc1
PA Updated by Philippe Antoine about 1 year ago
- Priority changed from Normal to High
Victor, how bad is this assertion ?
VJ Updated by Victor Julien about 1 year ago
- Target version changed from 8.0.0-rc1 to 9.0.0-beta1
PA Updated by Philippe Antoine about 1 year ago
I do not think this bug is bad.
I think it only happens in midstream with fin+syn packets after some first midstream packet
Impact would be some structures kept in memory a bit longer than needed...
PA Updated by Philippe Antoine 11 months ago
- Affected Versions 8.0.0 added
PA Updated by Philippe Antoine 10 months ago
@Shivani Bhardwaj you added the assertion in https://github.com/OISF/suricata/commit/d096b989c813dcc71154a9080cadaee927e45d24
It is not true if ssn->state TCP_CLOSING
What should we do ?
- remove the assertion
- use stream_flags | STREAM_EOF in AppLayerHandleTCPData
- have StreamGetAppLayerFlags consider ssn->state >= TCP_CLOSING. instead of ssn->state TCP_CLOSED
SB Updated by Shivani Bhardwaj 10 months ago
Philippe Antoine wrote in #note-6:
@Shivani Bhardwaj you added the assertion in https://github.com/OISF/suricata/commit/d096b989c813dcc71154a9080cadaee927e45d24
It is not true if
ssn->state TCP_CLOSING
Thank you, Philippe! Indeed your analysis is correct.
What should we do ?
- remove the assertion
- use stream_flags | STREAM_EOF in AppLayerHandleTCPData
- haveStreamGetAppLayerFlagsconsiderssn->state >= TCP_CLOSING. instead ofssn->state TCP_CLOSED
TCP_CLOSING seems to not be treated as EOF ref: in StreamTcpPacketSetState, flow's state is updated to "established" if TCP state was "closing" so perhaps removal of assertion is the best course of action. Lmk wdyt?
PA Updated by Philippe Antoine 10 months ago
- Target version changed from 9.0.0-beta1 to 8.0.1
Ok, should you the PR, or should I ?
SB Updated by Shivani Bhardwaj 10 months ago
Philippe Antoine wrote in #note-8:
Ok, should you the PR, or should I ?
Please check: https://github.com/OISF/suricata/pull/13762
PA Updated by Philippe Antoine 10 months ago
- Assignee changed from Victor Julien to Shivani Bhardwaj
PA Updated by Philippe Antoine 10 months ago
- Status changed from New to In Review
PA Updated by Philippe Antoine 9 months ago
- Status changed from In Review to Closed
VJ Updated by Victor Julien 8 months ago
- Priority changed from High to Normal
VJ Updated by Victor Julien 8 months ago
- Private changed from Yes to No