Actions
Bug #1279
closedBUG: NULL pointer dereference when suricata was debug mode.
Affected Versions:
Effort:
Difficulty:
Label:
Description
When the Suricata is operating as debug mode, there is null pointer reference bug at detect-tls.c:664.
This is call stack when the bug was occured.
#0 0x000000392e6480ac in vfprintf () from /lib64/libc.so.6 #1 0x000000392e66f9d2 in vsnprintf () from /lib64/libc.so.6 #2 0x000000392e64f4a3 in snprintf () from /lib64/libc.so.6 #3 0x000000000050a9c1 in DetectTlsFingerprintParse (str=<value optimized out>) at detect-tls.c:664 #4 0x000000000050afab in DetectTlsFingerprintSetup (de_ctx=<value optimized out>, s=0x13fa99300, str=<value optimized out>) at detect-tls.c:741 #5 0x00000000004f3e9a in SigParseOptions (de_ctx=0x13e41a6a0, s=0x13fa99300, sigstr=<value optimized out>, addrs_direction=250 '\372') at detect-parse.c:556 #6 SigParse (de_ctx=0x13e41a6a0, s=0x13fa99300, sigstr=<value optimized out>, addrs_direction=250 '\372') at detect-parse.c:870 #7 0x00000000004f5dd4 in SigInitHelper (de_ctx=0x13e41a6a0, sigstr=0x7ffffcdba130 "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:\"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)\"; flow:from_server,established; content:\"|55 04 06|\"; conte"..., dir=0 '\000') at detect-parse.c:1355 #8 0x00000000004f6daf in SigInit (de_ctx=0x13e41a6a0, sigstr=0x7ffffcdba130 "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:\"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)\"; flow:from_server,established; content:\"|55 04 06|\"; conte"...) at detect-parse.c:1578 #9 0x00000000004f7110 in DetectEngineAppendSig (de_ctx=0x13e41a6a0, sigstr=0x7ffffcdba130 "alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:\"ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL certificate detected (KINS C2)\"; flow:from_server,established; content:\"|55 04 06|\"; conte"...) at detect-parse.c:1850 #10 0x00000000004896f8 in DetectLoadSigFile (de_ctx=0x13e41a6a0, sig_file=0x13e4ff460 "/usr/local/etc/suricata/rules/suricata.rules", sigs_tot=0x7ffffcdbd1ac) at detect.c:337 #11 0x000000000048a693 in SigLoadSignatures (de_ctx=0x13e41a6a0, sig_file=0x0, sig_file_exclusive=<value optimized out>) at detect.c:403 #12 0x00000000005af6f3 in LoadSignatures (de_ctx=0x13e41a6a0, suri=0x7ffffcdbe250) at suricata.c:1906 #13 0x00000000005b5851 in main (argc=<value optimized out>, argv=<value optimized out>) at suricata.c:2259
The code which cause NULL pointer derefreence BUG is:
tls->subject was not initialized yet... So "tls->subject" is NULL. SCLogDebug("will look for TLS fingerprint %s", tls->subject);
Updated by Peter Manev over 10 years ago
Which Suricata version is this reproducible on?
Updated by jeongun baek over 10 years ago
Peter Manev wrote:
Which Suricata version is this reproducible on?
Suricata version is "2.1dev (rev 22272f6)"
Updated by Victor Julien over 10 years ago
- Status changed from New to Closed
- Assignee set to Victor Julien
- Target version set to 2.1beta2
- % Done changed from 0 to 100
Fixed by https://github.com/inliniac/suricata/commit/8b4615f8e79d2230ffa243ceb1395aae7945bb95 in the master branch. Also addressed in the master-2.0.x branch.
Thanks for your report.
Actions