Bug #1163

HTP Segfault

Added by Brad Roether over 10 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal

Description

HTP Segfaults - irregular period of time between incidents (have observed cores within as little as 2 minutes or as long as 18+ hours)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffb743f700 (LWP 23342)]
0x00007ffff7bcdf8c in htp_connp_REQ_CONNECT_WAIT_RESPONSE (connp=0x7ffdebef14d0) at htp_request.c:322
322         if (connp->in_tx->response_progress <= HTP_RESPONSE_LINE) {
(gdb)
(gdb) bt
#0  0x00007ffff7bcdf8c in htp_connp_REQ_CONNECT_WAIT_RESPONSE (connp=0x7ffdebef14d0) at htp_request.c:322
#1  0x00007ffff7bce3f9 in htp_connp_req_data (connp=0x7ffdebef14d0, timestamp=<value optimized out>, data=<value optimized out>, len=<value optimized out>)
    at htp_request.c:851
#2  0x00000000004230b1 in HTPHandleRequestData (f=<value optimized out>, htp_state=0x7fff90e4b130, pstate=0x7fff3043f900,
    input=0x7fffb743c920 "CONNECT tools.google.com:443 HTTP/1.0\r\nHost: tools.google.com\r\nContent-Length: 0\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Negotiate TlRMTVNTUAADAAAAAQABAGIAAAAAAAAAYwAAAAAAAABIAAAAAAAAAEgAA"..., input_len=<value optimized out>, local_data=<value optimized out>) at app-layer-htp.c:720
#3  0x0000000000427d7a in AppLayerParserParse (alp_tctx=<value optimized out>, f=0x7fff5c98baf0, alproto=1, flags=6 '\006', input=<value optimized out>,
    input_len=<value optimized out>) at app-layer-parser.c:818
#4  0x0000000000410219 in AppLayerHandleTCPData (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, p=0x3738460, f=0x7fff5c98baf0, ssn=0x7ffe90debd90, stream=<value optimized out>,
    data=0x7fffb743c920 "CONNECT tools.google.com:443 HTTP/1.0\r\nHost: tools.google.com\r\nContent-Length: 0\r\nProxy-Connection: Keep-Alive\r\nProxy-Authorization: Negotiate TlRMTVNTUAADAAAAAQABAGIAAAAAAAAAYwAAAAAAAABIAAAAAAAAAEgAA"..., data_len=279, flags=6 '\006') at app-layer.c:360
#5  0x0000000000517875 in StreamTcpReassembleAppLayer (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, ssn=0x7ffe90debd90, stream=0x7ffe90debde0, p=0x3738460)
    at stream-tcp-reassemble.c:3199
#6  0x0000000000517d00 in StreamTcpReassembleHandleSegmentUpdateACK (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, ssn=0x7ffe90debd90, stream=0x7ffe90debde0, p=0x3738460)
    at stream-tcp-reassemble.c:3545
#7  0x0000000000519e9a in StreamTcpReassembleHandleSegment (tv=0x1390ed00, ra_ctx=0x7fffb00135f0, ssn=0x7ffe90debd90, stream=0x7ffe90debd98, p=0x3738460,
    pq=<value optimized out>) at stream-tcp-reassemble.c:3573
#8  0x00000000005146e5 in StreamTcpPacket (tv=0x1390ed00, p=0x43734a0, stt=0x7fffb0012f00, pq=0x137ecb20) at stream-tcp.c:4363
#9  0x0000000000515cec in StreamTcp (tv=0x1390ed00, p=0x43734a0, data=0x7fffb0012f00, pq=0x137ecb20, postpq=<value optimized out>) at stream-tcp.c:4485
#10 0x000000000052a4d0 in TmThreadsSlotVarRun (tv=0x1390ed00, p=0x43734a0, slot=<value optimized out>) at tm-threads.c:559
#11 0x000000000050bdef in TmThreadsSlotProcessPkt (tv=0x1390ed00, data=<value optimized out>, slot=<value optimized out>) at tm-threads.h:142
#12 ReceivePfringLoop (tv=0x1390ed00, data=<value optimized out>, slot=<value optimized out>) at source-pfring.c:361
#13 0x000000000052a11e in TmThreadsSlotPktAcqLoop (td=0x1390ed00) at tm-threads.c:703
#14 0x00007ffff51be9d1 in start_thread (arg=0x7fffb743f700) at pthread_create.c:301
#15 0x00007ffff4d07b6d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

--build-info:

This is Suricata version 2.0 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 PF_RING HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUAJIT HAVE_LIBJANSSON PROFILING
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.4.7 20120313 (Red Hat 4.4.7-4), C version 199901
compiled with -fstack-protector
compiled with _FORTIFY_SOURCE=2
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.10, linked against LibHTP v0.5.10
Suricata Configuration:
  AF_PACKET support:                       no
  PF_RING support:                         yes
  NFQueue support:                         no
  IPFW support:                            no
  DAG enabled:                             no
  Napatech enabled:                        no
  Unix socket enabled:                     yes
  Detection enabled:                       yes

  libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  Prelude support:                         no
  PCRE jit:                                yes
  libluajit:                               yes
  libgeoip:                                yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no

  Suricatasc install:                      yes

  Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no
  Profiling enabled:                       yes
  Profiling locks enabled:                 no
  Coccinelle / spatch:                     no

Generic build parameters:
  Installation prefix (--prefix):          [ REDACTED ]
  Configuration directory (--sysconfdir):  [ REDACTED ]
  Log directory (--localstatedir) :        [ REDACTED ]

  Host:                                    x86_64-unknown-linux-gnu
  GCC binary:                              gcc
  GCC Protect enabled:                     yes
  GCC march native enabled:                yes
  GCC Profile enabled:                     no

Other configuration items of interest:
-Using PF_RING build 7180 w/ DNA driver on Intel 82599 NIC
-Suricata is using runmode: workers and cluster_flow
-Included IRQ affinity script is being used
-ixgbe parameters: MQ=1,1 RSS=16,16 FdirPballoc=3,3 num_rx_slots=32768 mtu=1500
-pf_ring parameters: transparent_mode=2 quick_mode=1 enable_frag_coherence=1 min_num_slots=65536 enable_tx_capture=0 enable_ip_defrag=0
