Bug #7815 (open)
Suricata 8.0.0 segfault when receiving "pcap-file-list" command
Description
Suricata 8.0.0 segfaults after the 2nd "pcap-file-list" command.
Running in pcap mode (no interfaces) and unix-socket enabled.
With suricata running, I can reproduce the segfault with this command:
# for x in {1..3}; do rm -rf /tmp/$x; mkdir /tmp/$x; chown suricata:suricata /tmp/$x; echo "Submitting PCAP $x"; suricatasc -c "pcap-file /recording.pcap /tmp/$x"; suricatasc -c "pcap-file-list"; suricatasc -c "pcap-current"; echo; sleep 1; done
Submitting PCAP 1
{"message":"Successfully added file to list","return":"OK"}
{"message":{"count":0,"files":[]},"return":"OK"}
{"message":"/recording.pcap","return":"OK"}

Submitting PCAP 2
{"message":"Successfully added file to list","return":"OK"}
Unable to connect socket to /var/run/suricata/suricata-command.socket: ioerror: `Connection reset by peer (os error 104)`
Unable to connect socket to /var/run/suricata/suricata-command.socket: ioerror: `Connection refused (os error 111)`

Submitting PCAP 3
Unable to connect socket to /var/run/suricata/suricata-command.socket: ioerror: `Connection refused (os error 111)`
Unable to connect socket to /var/run/suricata/suricata-command.socket: ioerror: `Connection refused (os error 111)`
Unable to connect socket to /var/run/suricata/suricata-command.socket: ioerror: `Connection refused (os error 111)`
Core dump:
(gdb) frame 0
#0 OutputTxLoggerGetActiveCount () at output-tx.c:632
632         for (OutputTxLogger *p = list[alproto]; p != NULL; p = p->next) {
(gdb) list
627
628 static uint32_t OutputTxLoggerGetActiveCount(void)
629 {
630     uint32_t cnt = 0;
631     for (AppProto alproto = 0; alproto < g_alproto_max; alproto++) {
632         for (OutputTxLogger *p = list[alproto]; p != NULL; p = p->next) {
633             cnt++;
634         }
635     }
636
(gdb) bt
#0 OutputTxLoggerGetActiveCount () at output-tx.c:632
#1 0x000055dc01d2ba24 in OutputSetupActiveLoggers () at output.c:907
#2 0x000055dc01d35ac2 in RunModeInitializeOutputs () at runmodes.c:946
#3 0x000055dc01c40e17 in PreRunPostPrivsDropInit (runmode=<optimized out>) at suricata.c:2322
#4 PreRunPostPrivsDropInit (runmode=<optimized out>) at suricata.c:2315
#5 0x000055dc01d31497 in UnixSocketPcapFilesCheck (data=0x7f8db8f39c80) at runmode-unix-socket.c:546
#6 0x000055dc01c4bcde in UnixCommandBackgroundTasks (this=0x55dc03939b20 <command>) at unix-manager.c:443
#7 UnixManager (th_v=0x7f8db44d6dc0, thread_data=<optimized out>) at unix-manager.c:1179
#8 0x000055dc01c4640a in TmThreadsManagement (td=0x7f8db44d6dc0) at tm-threads.c:571
#9 0x00007f8dc2247aa4 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007f8dc22d4c3c in ?? () from /lib/x86_64-linux-gnu/libc.so.6
Build info:
This is Suricata version 8.0.0 RELEASE
Features: DEBUG PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HTTP2_DECOMPRESSION HAVE_LUA HAVE_JA3 HAVE_JA4 HAVE_LIBJANSSON TLS TLS_C11 MAGIC RUST POPCNT64
SIMD support: SSE_4_2 SSE_4_1 SSE_3 SSE_2
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 13.3.0, C version 201112
L1 cache line size (CLS)=64
thread local storage method: _Thread_local
compiled with LibHTP v8.0.0

Suricata Configuration:
  AF_PACKET support: yes
  AF_XDP support: no
  DPDK support: no
  eBPF support: no
  XDP support: no
  PF_RING support: no
  NFQueue support: no
  NFLOG support: no
  IPFW support: no
  Netmap support: no
  DAG enabled: no
  Napatech enabled: no
  WinDivert enabled: no
  Npcap support:
  Unix socket enabled: yes
  Detection enabled: yes
  Libmagic support: yes
  libjansson support: yes
  hiredis support: no
  hiredis async with libevent: no
  PCRE jit: yes
  GeoIP2 support: no
  JA3 support: yes
  JA4 support: yes
  Hyperscan support: no
  Hwloc support: no
  Libnet support: yes
  liblz4 support: no
  Landlock support: yes
  Systemd support: yes
  Rust strict mode: no
  Rust compiler path: /usr/bin/rustc
  Rust compiler version: rustc 1.75.0 (82e1608df 2023-12-21) (built from a source tarball)
  Cargo path: /usr/bin/cargo
  Cargo version: cargo 1.75.0
  Python support: yes
  Python path: /opt/venv/bin/python3
  Install suricatactl: yes
  Install suricatasc: yes
  Install suricata-update: yes
  Profiling enabled: no
  Profiling locks enabled: no
  Profiling rules enabled: no
  Plugin support (experimental): yes
  DPDK Bond PMD: no
  Plugins:
    nDPI: no

Development settings:
  Coccinelle / spatch: no
  Unit tests enabled: no
  Debug output enabled: yes
  Debug validation enabled: no
  Fuzz targets enabled: no

Generic build parameters:
  Installation prefix: /usr
  Configuration directory: /etc/suricata/
  Log directory: /var/log/suricata/
  --prefix /usr
  --sysconfdir /etc
  --localstatedir /var
  --datarootdir /usr/share
  Host: x86_64-pc-linux-gnu
  Compiler: gcc (exec name) / g++ (real)
  GCC Protect enabled: no
  GCC march native enabled: yes
  GCC Profile enabled: no
  Position Independent Executable enabled: no
  CFLAGS -g -O2 -fPIC -DOS_LINUX -std=c11 -march=native -I${srcdir}/../rust/gen -I${srcdir}/../rust/dist -I../rust/gen
  PCAP_CFLAGS -I/usr/include/dbus-1.0 -I/usr/lib/x86_64-linux-gnu/dbus-1.0/include -I/usr/include/libnl3
  SECCFLAGS
Updated by Andrea De Pasquale 3 days ago
With this patch, the segfault can be avoided. Not sure it's an appropriate fix though.
diff --git a/src/output-tx.c b/src/output-tx.c
index b5a1852fa..d6a50eba2 100644
--- a/src/output-tx.c
+++ b/src/output-tx.c
@@ -627,6 +627,10 @@ static TmEcode OutputTxLogThreadDeinit(ThreadVars *tv, void *thread_data)
static uint32_t OutputTxLoggerGetActiveCount(void)
{
+ if (list == NULL) {
+ return 0;
+ }
+
uint32_t cnt = 0;
for (AppProto alproto = 0; alproto < g_alproto_max; alproto++) {
for (OutputTxLogger *p = list[alproto]; p != NULL; p = p->next) {
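Review bot: the early `return 0` added at the top of OutputTxLoggerGetActiveCount() avoids the dereference of `list[alproto]`, but it reports a NULL `list` as zero active loggers, so the caller shown in the backtrace (OutputSetupActiveLoggers, reached from UnixSocketPcapFilesCheck when the next pcap is started) would carry on as if no transaction loggers were registered. It is worth establishing why `list` is NULL on this second initialisation and restoring it there, keeping this guard only as a defensive check with a comment stating when `list` can legitimately be NULL. Any other code on this path that indexes `list` would hit the same NULL pointer, so the guard alone may move the crash rather than remove it.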