|
=================================================================
|
|
AddressSanitizer: heap-buffer-overflow on address 0x61d00786ac80 at pc 0x7f2d377289ef bp 0x7f2d2ef525d0 sp 0x7f2d2ef51d90
|
|
WRITE of size 16294 at 0x61d00786ac80 thread T1 (W#01-eth1)
|
|
#0 0x7f2d377289ee in __interceptor_memcpy (/lib64/libasan.so.8+0x6e9ee) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599)
|
|
#1 0x7b66ba in StreamingBufferAppend (/usr/sbin/suricata+0x7b66ba) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#2 0x7f15c6 in HtpBodyAppendChunk (/usr/sbin/suricata+0x7f15c6) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#3 0x576e5b in HTPCallbackResponseBodyData (/usr/sbin/suricata+0x576e5b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#4 0x7f2d37676e43 in htp_hook_run_all (/lib64/libhtp.so.2+0x1ae43) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#5 0x7f2d3769123d in htp_tx_res_process_body_data_ex (/lib64/libhtp.so.2+0x3523d) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#6 0x7f2d37688172 in htp_connp_RES_LINE (/lib64/libhtp.so.2+0x2c172) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#7 0x7f2d3768acb4 in htp_connp_res_data (/lib64/libhtp.so.2+0x2ecb4) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#8 0x57d580 in HTPHandleResponseData (/usr/sbin/suricata+0x57d580) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#9 0x58ac7b in AppLayerParserParse (/usr/sbin/suricata+0x58ac7b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#10 0x5622f3 in AppLayerHandleTCPData (/usr/sbin/suricata+0x5622f3) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#11 0x7685a8 in ReassembleUpdateAppLayer (/usr/sbin/suricata+0x7685a8) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#12 0x76b81a in StreamTcpReassembleAppLayer (/usr/sbin/suricata+0x76b81a) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#13 0x76b949 in StreamTcpReassembleHandleSegmentUpdateACK (/usr/sbin/suricata+0x76b949) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#14 0x76cf43 in StreamTcpReassembleHandleSegment (/usr/sbin/suricata+0x76cf43) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#15 0x747d91 in HandleEstablishedPacketToServer (/usr/sbin/suricata+0x747d91) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#16 0x74ad9c in StreamTcpPacketStateEstablished (/usr/sbin/suricata+0x74ad9c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#17 0x75c531 in StreamTcpStateDispatch (/usr/sbin/suricata+0x75c531) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#18 0x75cfb1 in StreamTcpPacket (/usr/sbin/suricata+0x75cfb1) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#19 0x75d592 in StreamTcp (/usr/sbin/suricata+0x75d592) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#20 0x6c82e2 in FlowWorkerStreamTCPUpdate (/usr/sbin/suricata+0x6c82e2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#21 0x6c98d4 in FlowWorker (/usr/sbin/suricata+0x6c98d4) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#22 0x5297fa in TmThreadsSlotVarRun (/usr/sbin/suricata+0x5297fa) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#23 0x71f73c in TmThreadsSlotProcessPkt (/usr/sbin/suricata+0x71f73c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#24 0x71fd20 in AFPParsePacketV3 (/usr/sbin/suricata+0x71fd20) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#25 0x71ff57 in AFPWalkBlock (/usr/sbin/suricata+0x71ff57) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#26 0x720112 in AFPReadFromRingV3 (/usr/sbin/suricata+0x720112) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#27 0x72678a in ReceiveAFPLoop (/usr/sbin/suricata+0x72678a) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#28 0x52c8e6 in TmThreadsSlotPktAcqLoop (/usr/sbin/suricata+0x52c8e6) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#29 0x7f2d36f5f896 in start_thread (/lib64/libc.so.6+0x8e896) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273)
|
|
#30 0x7f2d36fe68c3 in __clone (/lib64/libc.so.6+0x1158c3) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273)
|
|
|
|
0x61d00786ac80 is located 0 bytes after 2048-byte region [0x61d00786a480,0x61d00786ac80)
|
|
allocated by thread T1 (W#01-eth1) here:
|
|
#0 0x7f2d37792cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599)
|
|
#1 0x545a6e in SCCallocFunc (/usr/sbin/suricata+0x545a6e) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#2 0x58096e in HTPCalloc (/usr/sbin/suricata+0x58096e) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#3 0x7ad51b in InitBuffer (/usr/sbin/suricata+0x7ad51b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#4 0x7b60b2 in StreamingBufferInit (/usr/sbin/suricata+0x7b60b2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#5 0x7f169d in HtpBodyAppendChunk (/usr/sbin/suricata+0x7f169d) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#6 0x576e5b in HTPCallbackResponseBodyData (/usr/sbin/suricata+0x576e5b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#7 0x7f2d37676e43 in htp_hook_run_all (/lib64/libhtp.so.2+0x1ae43) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#8 0x7f2d3769123d in htp_tx_res_process_body_data_ex (/lib64/libhtp.so.2+0x3523d) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#9 0x7f2d37688172 in htp_connp_RES_LINE (/lib64/libhtp.so.2+0x2c172) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#10 0x7f2d3768acb4 in htp_connp_res_data (/lib64/libhtp.so.2+0x2ecb4) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd)
|
|
#11 0x57d580 in HTPHandleResponseData (/usr/sbin/suricata+0x57d580) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#12 0x58ac7b in AppLayerParserParse (/usr/sbin/suricata+0x58ac7b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#13 0x5622f3 in AppLayerHandleTCPData (/usr/sbin/suricata+0x5622f3) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#14 0x7685a8 in ReassembleUpdateAppLayer (/usr/sbin/suricata+0x7685a8) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#15 0x76b81a in StreamTcpReassembleAppLayer (/usr/sbin/suricata+0x76b81a) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#16 0x76b949 in StreamTcpReassembleHandleSegmentUpdateACK (/usr/sbin/suricata+0x76b949) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#17 0x76cf43 in StreamTcpReassembleHandleSegment (/usr/sbin/suricata+0x76cf43) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#18 0x747d91 in HandleEstablishedPacketToServer (/usr/sbin/suricata+0x747d91) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#19 0x74ad9c in StreamTcpPacketStateEstablished (/usr/sbin/suricata+0x74ad9c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#20 0x75c531 in StreamTcpStateDispatch (/usr/sbin/suricata+0x75c531) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#21 0x75cfb1 in StreamTcpPacket (/usr/sbin/suricata+0x75cfb1) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#22 0x75d592 in StreamTcp (/usr/sbin/suricata+0x75d592) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#23 0x6c82e2 in FlowWorkerStreamTCPUpdate (/usr/sbin/suricata+0x6c82e2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#24 0x6c98d4 in FlowWorker (/usr/sbin/suricata+0x6c98d4) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#25 0x5297fa in TmThreadsSlotVarRun (/usr/sbin/suricata+0x5297fa) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#26 0x71f73c in TmThreadsSlotProcessPkt (/usr/sbin/suricata+0x71f73c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#27 0x71fd20 in AFPParsePacketV3 (/usr/sbin/suricata+0x71fd20) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#28 0x71ff57 in AFPWalkBlock (/usr/sbin/suricata+0x71ff57) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#29 0x720112 in AFPReadFromRingV3 (/usr/sbin/suricata+0x720112) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
|
|
Thread T1 (W#01-eth1) created by T0 (Suricata-Main) here:
|
|
#0 0x7f2d37702956 in pthread_create (/lib64/libasan.so.8+0x48956) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599)
|
|
#1 0x52d621 in TmThreadSpawn (/usr/sbin/suricata+0x52d621) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#2 0x852ff1 in RunModeSetLiveCaptureWorkersForDevice (/usr/sbin/suricata+0x852ff1) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#3 0x85410f in RunModeSetLiveCaptureWorkers (/usr/sbin/suricata+0x85410f) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#4 0x84d235 in RunModeIdsAFPWorkers (/usr/sbin/suricata+0x84d235) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#5 0x71c2ec in RunModeDispatch (/usr/sbin/suricata+0x71c2ec) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#6 0x526537 in SuricataMain (/usr/sbin/suricata+0x526537) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#7 0x51c7e2 in main (/usr/sbin/suricata+0x51c7e2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
#8 0x7f2d36ef9149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273)
|
|
#9 0x7f2d36ef920a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273)
|
|
#10 0x51c714 in _start (/usr/sbin/suricata+0x51c714) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705)
|
|
|
|
AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x6e9ee) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599) in __interceptor_memcpy
|
|
Shadow bytes around the buggy address:
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
=>0x61d00786ac80:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
|
fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
|
fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
|
fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
|
00
|
|
Partially addressable: 01 02 03 04 05 06 07
|
|
Heap left redzone: fa
|
|
Freed heap region: fd
|
|
Stack left redzone: f1
|
|
Stack mid redzone: f2
|
|
Stack right redzone: f3
|
|
Stack after return: f5
|
|
Stack use after scope: f8
|
|
Global redzone: f9
|
|
Global init order: f6
|
|
Poisoned by user: f7
|
|
Container overflow: fc
|
|
Array cookie: ac
|
|
Intra object redzone: bb
|
|
ASan internal: fe
|
|
Left alloca redzone: ca
|
|
Right alloca redzone: cb
|
|
==54==ABORTING
|