Bug #2274

Updated by Victor Julien over 6 years ago

If someone accidentally writes invalid characters in some parts of the suricata.yaml-configfile, the size-parameter of the ParseSizeString-function becomes NULL and gets dereferenced. Suricata crashes with SEGV. Here is an example:

 The following config value leads to a Segfault: 
 app-layer.protocols.smtp.inspected-tracker.content-inspect-window: *4096 

 This is the ASAN-Output: 
 <pre> 
 ASAN:DEADLYSIGNAL 
 ================================================================= 
 ==16376==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7ff391ea3646 bp 0x7ffd38ec1300 sp 0x7ffd38ec0a88 T0) 
     #0 0x7ff391ea3645 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80645) 
     #1 0x7ff3956baeec    (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec) 
     #2 0x5563ffcb566c in ParseSizeString /root/suricata-1/src/util-misc.c:78 
     #3 0x5563ffcb6671 in ParseSizeStringU32 /root/suricata-1/src/util-misc.c:179 
     #4 0x5563ff8c0d14 in SMTPConfigure /root/suricata-1/src/app-layer-smtp.c:316 
     #5 0x5563ff8cde4b in RegisterSMTPParsers /root/suricata-1/src/app-layer-smtp.c:1687 
     #6 0x5563ff8b26b7 in AppLayerParserRegisterProtocolParsers /root/suricata-1/src/app-layer-parser.c:1381 
     #7 0x5563ff7f5dac in AppLayerSetup /root/suricata-1/src/app-layer.c:750 
     #8 0x5563ffc2ca23 in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2626 
     #9 0x5563ffc2e4f2 in main /root/suricata-1/src/suricata.c:2892 
     #10 0x7ff391e432b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0) 
     #11 0x5563ff7d2d39 in _start (/usr/local/bin/suricata+0xc7d39) 

 AddressSanitizer can not provide additional info. 
 SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x80645) in strlen 
 ==16376==ABORTING 
 </pre> 
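
The failure mode in this report, as an added example that is not Suricata's code or its fix: a size-string parser that treats a NULL value as a configuration error instead of handing it to strlen. The function names and the accepted unit suffixes are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <strings.h>

/* Hypothetical helper (not Suricata's ParseSizeString): parse "4096", "4kb",
 * "2mb" or "1gb" into bytes. Returns 0 on success, -1 on any invalid input. */
int parse_size_string(const char *size, uint64_t *res)
{
    if (size == NULL || res == NULL)
        return -1;               /* config lookup produced no value */
    while (isspace((unsigned char)*size))
        size++;
    if (!isdigit((unsigned char)*size))
        return -1;               /* rejects "", "*4096", "-1", "kb" */

    char *end = NULL;
    errno = 0;
    unsigned long long n = strtoull(size, &end, 10);
    if (errno == ERANGE)
        return -1;

    uint64_t mult;
    if (*end == '\0')
        mult = 1;
    else if (strcasecmp(end, "kb") == 0)
        mult = 1024ULL;
    else if (strcasecmp(end, "mb") == 0)
        mult = 1024ULL * 1024;
    else if (strcasecmp(end, "gb") == 0)
        mult = 1024ULL * 1024 * 1024;
    else
        return -1;               /* trailing garbage or unknown unit */

    if (n > UINT64_MAX / mult)
        return -1;               /* multiplication would overflow */
    *res = (uint64_t)n * mult;
    return 0;
}

/* 32-bit wrapper: same checks plus a range check before narrowing. */
int parse_size_string_u32(const char *size, uint32_t *res)
{
    uint64_t v = 0;
    if (res == NULL || parse_size_string(size, &v) != 0 || v > UINT32_MAX)
        return -1;
    *res = (uint32_t)v;
    return 0;
}
```

A caller that gets -1 can report the offending configuration key and stop at startup with an error message rather than a crash.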
