Bug #8505

open
SP

detect-engine-analyzer: use of free()'d memory in engine-analysis mode when engine-analysis is turned off

Added by Sergey Pinaev 1 day ago. Updated 1 day ago.

Status: New
Priority: Normal
Assignee: -
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When engine-analysis is turned off in suricata.yaml:

engine-analysis:
  rules-fast-pattern: no
  rules: no

and we run suricata with --engine-analysis in gdb:

gdb --args ./src/suricata --engine-analysis -c suricata.yaml -S ./rules/stream-events.rules

suricata will try to use data from de_ctx->ea, which is free'd in SetupEngineAnalysis()
because fp_analysis and rule_analysis are turned off:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7b4ac7b in _IO_new_fclose (fp=0xad96ab1cf5b38042) at ./libio/iofclose.c:48
48    ./libio/iofclose.c: Нет такого файла или каталога.
(gdb) where
#0  0x00007ffff7b4ac7b in _IO_new_fclose (fp=0xad96ab1cf5b38042)
    at ./libio/iofclose.c:48
#1  0x0000555555bd3049 in CleanupRuleAnalyzer (de_ctx=0x5555575a72e0)
    at detect-engine-analyzer.c:469
#2  CleanupEngineAnalysis (de_ctx=de_ctx@entry=0x5555575a72e0)
    at detect-engine-analyzer.c:515
#3  0x000055555582d270 in SigLoadSignatures (de_ctx=de_ctx@entry=0x5555575a72e0, 
    sig_file=0x7fffffffe2db "./rules/stream-events.rules", 
    sig_file_exclusive=<optimized out>) at detect-engine-loader.c:508
...
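
The lifetime pattern the report describes, as an added example that is not part of the original report and is not Suricata's code: a setup step that releases the analysis context when both analyzers are off, and a cleanup step that must not dereference it afterwards. The types `EaCtx` and `DeCtx`, the functions `model_setup` and `model_cleanup`, and the use of `/dev/null` as the report file are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified stand-ins (assumed layout) for the context behind de_ctx->ea. */
typedef struct EaCtx { FILE *rule_fp; FILE *fp_fp; } EaCtx;
typedef struct DeCtx { EaCtx *ea; } DeCtx;

/* Setup model: publish the context, open the enabled report files, and
 * release the context if nothing is enabled. Returns true when active. */
static bool model_setup(DeCtx *de, bool fp_on, bool rules_on)
{
    de->ea = calloc(1, sizeof(*de->ea));
    if (de->ea == NULL)
        return false;
    /* /dev/null is a constructed stand-in for the real report files. */
    if (fp_on)
        de->ea->fp_fp = fopen("/dev/null", "w");
    if (rules_on)
        de->ea->rule_fp = fopen("/dev/null", "w");
    if (de->ea->fp_fp == NULL && de->ea->rule_fp == NULL) {
        free(de->ea);
        de->ea = NULL; /* without this reset the owner keeps a dangling pointer */
        return false;
    }
    return true;
}

/* Cleanup model: returns the number of files closed, or -1 when setup left
 * no context behind, so freed memory is never passed to fclose(). */
static int model_cleanup(DeCtx *de)
{
    int closed = 0;
    if (de->ea == NULL)
        return -1;
    if (de->ea->rule_fp != NULL) { fclose(de->ea->rule_fp); closed++; }
    if (de->ea->fp_fp != NULL) { fclose(de->ea->fp_fp); closed++; }
    free(de->ea);
    de->ea = NULL;
    return closed;
}

int main(void)
{
    DeCtx de = { NULL };
    /* Both analyzers off, as in the suricata.yaml from the report. */
    bool active = model_setup(&de, false, false);
    printf("active=%d cleanup=%d\n", active, model_cleanup(&de));
    return 0;
}
```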
