Project

General

Profile

Actions

Bug #935

closed

Segfault when file extraction is enabled

Added by Cooper Nelson over 10 years ago. Updated almost 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

I have one rule enabled to extract "PE32 executable" files. Suricata will consistently segfault after a few hours of running with an error like this:

[468573.634022] AFPacketeth2107763: segfault at 31d89dbcf18 ip 0000031da889509b sp 0000031d89dbcf20 error 6 in libc-2.17.so[31da8871000+1a2000]

I've attached the gdb.txt output for review.


Files

gdb.txt (3.15 MB) gdb.txt Cooper Nelson, 09/01/2013 10:10 AM
Actions #1

Updated by Anoop Saldanha over 10 years ago

Looking at the call explosion on thread1, wondering if this is a bug with libmagic.

Actions #2

Updated by Victor Julien over 10 years ago

Indeed. It would be interesting if we could get the full 512 bytes that are sent as 'bug' to libmagic on:
#47509 0x0000002f2e7ac175 in MagicThreadLookup (ctx=0x31d7072bc50, buf=0x31a22181b60 "\312\376\272\276", buflen=512) at util-magic.c:129

Actions #3

Updated by Victor Julien over 10 years ago

  • Target version set to TBD
Actions #4

Updated by Cooper Nelson over 10 years ago

I believe this is fixed by using the current revision of libmagic, v. 5.15.

Actions #5

Updated by Andreas Herz over 8 years ago

Can anyone confirm this?

Actions #6

Updated by Victor Julien almost 8 years ago

  • Status changed from New to Closed
  • Target version deleted (TBD)
Actions

Also available in: Atom PDF