Bug #1340
Status: closed
null ptr dereference in Suricata v2.1beta2 (output-json.c:347)
Description
Hi,
I've got a segfault today. Here is the build and bt outputs:
This is Suricata version 2.1beta2 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_LIBJANSSON
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.7.2, C version 199901
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.15, linked against LibHTP v0.5.15

Suricata Configuration:
  AF_PACKET support: yes
  PF_RING support: no
  NFQueue support: no
  NFLOG support: no
  IPFW support: no
  DAG enabled: no
  Napatech enabled: no
  Unix socket enabled: yes
  Detection enabled: yes
  libnss support: no
  libnspr support: no
  libjansson support: yes
  Prelude support: no
  PCRE jit: yes
  LUA support: no
  libluajit: no
  libgeoip: no
  Non-bundled htp: no
  Old barnyard2 support: no
  CUDA enabled: no
  Suricatasc install: yes
  Unit tests enabled: no
  Debug output enabled: no
  Debug validation enabled: no
  Profiling enabled: no
  Profiling locks enabled: no
  Coccinelle / spatch: no

  Generic build parameters:
    Installation prefix (--prefix): /usr
    Configuration directory (--sysconfdir): /etc/suricata/
    Log directory (--localstatedir) : /var/log/suricata/
    Host: x86_64-unknown-linux-gnu
    GCC binary: gcc
    GCC Protect enabled: no
    GCC march native enabled: yes
    GCC Profile enabled: no
(gdb) bt full
#0  0x00007ffff737e194 in pthread_mutex_lock () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0000000000568761 in OutputJSONBuffer (js=0xec93a0, file_ctx=0x0, buffer=0x30527d50) at output-json.c:347
        js_s = 0x3054a710 "{\"timestamp\":\"2014-12-17T22:27:21.635729\",\"flow_id\":691273264,\"event_type\":\"flow\",\"src_ip\":\"192.168.183.135\",\"src_port\":22,\"dest_ip\":\"192.168.183.1\",\"dest_port\":54987,\"proto\":\"TCP\",\"flow\":{\"pkts_toser"...
#2  0x00000000005599b6 in JsonFlowLogger (tv=0x305279d0, thread_data=0x1f14530, f=0x2933fe30) at output-json-flow.c:327
        jhl = 0x1f14530
        buffer = 0x30527d50
        js = 0xec93a0
#3  0x000000000055119f in OutputFlowLog (tv=0x305279d0, thread_data=0x671a9e0, f=0x2933fe30) at output-flow.c:110
        __PRETTY_FUNCTION__ = "OutputFlowLog"
        op_thread_data = 0x671a9e0
        logger = 0x178fde0
        store = 0x671bb30
#4  0x0000000000527dcd in FlowRecycler (th_v=0x305279d0, thread_data=0x1f132a0) at flow-manager.c:821
        f = 0x2933fe30
        len = 5
        ts = {tv_sec = 1418851641, tv_usec = 635729}
        cond_time = {tv_sec = 1419244658, tv_nsec = 0}
        flow_update_delay_sec = 1
        flow_update_delay_nsec = 0
        recycled_cnt = 0
        ftd = 0x1f132a0
        __PRETTY_FUNCTION__ = "FlowRecycler"
        __FUNCTION__ = "FlowRecycler"
#5  0x00000000005c557c in TmThreadsManagement (td=0x305279d0) at tm-threads.c:954
        tv = 0x305279d0
        s = 0x30527ad0
        r = TM_ECODE_OK
        __PRETTY_FUNCTION__ = "TmThreadsManagement"
        __FUNCTION__ = "TmThreadsManagement"
#6  0x00007ffff737bb50 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#7  0x00007ffff6c687bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#8  0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)
(gdb) up
#1  0x0000000000568761 in OutputJSONBuffer (js=0xec93a0, file_ctx=0x0, buffer=0x30527d50) at output-json.c:347
347         SCMutexLock(&file_ctx->fp_mutex);
(gdb) p file_ctx
$1 = (LogFileCtx *) 0x0
As you can see above, it is a dereference of file_ctx when it is null.
Steps to reproduce:
1 - Start suricata with unix-socket support and the attached yaml file
/usr/bin/suricata -c /etc/suricata/suricata.yaml --unix-socket --pidfile=/var/run/suricata/suricata.pid
2 - Scan 2 pcap files with suricatasc
root@suricata:~# suricatasc
Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, pcap-file, pcap-file-number, pcap-file-list, pcap-current, quit
>>> pcap-file /root/out.pcap /tmp/suricata/
Success: "Successfully added file to list"
>>> pcap-file /root/out.pcap /tmp/suricata/
Success: "Successfully added file to list"
>>>
3 - Crash
Files
Updated by Victor Julien almost 10 years ago
Could you try the git master? I can't reproduce the issue, but it's possible we already fixed it.
Updated by Eduardo Arada almost 10 years ago
Just tested with This is Suricata version 2.1dev (rev bcfd614)
But I've got the same behaviour. What do you need to reproduce it?
Updated by Victor Julien over 9 years ago
Can you retry with the current git master? I made some changes to the unix socket reload logic.
Updated by Eduardo Arada over 9 years ago
I just retried with the latest git master - 2.1dev (rev 94321b8). It works well until I turn eve-log's bi-directional flows on. Then it crashes again at the following line, because jhl->flowlog_ctx is null.
output-json-flow.c:327 OutputJSONBuffer(js, jhl->flowlog_ctx->file_ctx, buffer);
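As an added illustration, not Suricata's own code and not the fix from the pull request, the two frames from the backtrace (JsonFlowLogger calling OutputJSONBuffer) are re-created with guards that report a missing context to the caller instead of locking through a null pointer. The structure layouts, the LOG_OK/LOG_ERR_NO_CTX return codes and the scenario helpers are assumptions of this example, chosen to mirror the two states (file_ctx null, then flowlog_ctx null) seen in the report.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>
/* Simplified stand-ins for the Suricata structures named in the backtrace (assumed layouts). */
typedef struct { pthread_mutex_t fp_mutex; FILE *fp; size_t bytes_written; } LogFileCtx;
typedef struct { LogFileCtx *file_ctx; } OutputJsonCtx;
typedef struct { OutputJsonCtx *flowlog_ctx; } JsonFlowLogThread;
enum { LOG_OK = 0, LOG_ERR_NO_CTX = -1 };   /* assumed return codes for this example */

/* Frame #1 of the trace locked file_ctx->fp_mutex with file_ctx == 0x0;
 * here a missing context is reported to the caller instead of dereferenced. */
int OutputJSONBuffer(const char *js_s, LogFileCtx *file_ctx)
{
    if (file_ctx == NULL || file_ctx->fp == NULL) return LOG_ERR_NO_CTX;
    pthread_mutex_lock(&file_ctx->fp_mutex);   /* serialises writers to the file */
    fputs(js_s, file_ctx->fp); fputc('\n', file_ctx->fp);
    file_ctx->bytes_written += strlen(js_s) + 1;
    pthread_mutex_unlock(&file_ctx->fp_mutex);
    return LOG_OK;
}

/* Frame #2: jhl->flowlog_ctx was the NULL in the second crash, so the
 * caller checks its own per-thread context before reaching through it. */
int JsonFlowLogger(JsonFlowLogThread *jhl, const char *js_s)
{
    if (jhl == NULL || jhl->flowlog_ctx == NULL) return LOG_ERR_NO_CTX;
    return OutputJSONBuffer(js_s, jhl->flowlog_ctx->file_ctx);
}

/* Scenario helpers: each rebuilds one state from the report in memory (constructed input). */
int scenario_missing_flowlog_ctx(void)           /* second crash: flowlog_ctx is null */
{
    JsonFlowLogThread jhl = { .flowlog_ctx = NULL };
    return JsonFlowLogger(&jhl, "{\"event_type\":\"flow\"}");
}
int scenario_missing_file_ctx(void)              /* first backtrace: file_ctx is null */
{
    OutputJsonCtx json_ctx = { .file_ctx = NULL };
    JsonFlowLogThread jhl = { .flowlog_ctx = &json_ctx };
    return JsonFlowLogger(&jhl, "{\"event_type\":\"flow\"}");
}
long scenario_valid_ctx(void)   /* fully initialised: returns bytes written, record plus newline */
{
    LogFileCtx file_ctx = { PTHREAD_MUTEX_INITIALIZER, tmpfile(), 0 };
    OutputJsonCtx json_ctx = { &file_ctx };
    JsonFlowLogThread jhl = { &json_ctx };
    int rc = JsonFlowLogger(&jhl, "{\"event_type\":\"flow\",\"proto\":\"TCP\"}");
    if (file_ctx.fp) fclose(file_ctx.fp);
    return rc == LOG_OK ? (long)file_ctx.bytes_written : -1L;
}
```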
Updated by Victor Julien over 9 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 2.1beta4
Looks like I found a way to reproduce this.
Updated by Victor Julien over 9 years ago
Can you try this pull request? https://github.com/inliniac/suricata/pull/1456
Updated by Eduardo Arada over 9 years ago
Hey, it fixes the problem. It works well in my lab; I made some pcap scans and it seems it doesn't crash again.
Thank you Victor.
Updated by Victor Julien over 9 years ago
- Status changed from Assigned to Closed
- % Done changed from 0 to 100
Thanks for testing Eduardo!