Bug #152
closed
Processing the attached pcap causes the engine to hang inside of DecodeIPV6ExtHdrs()
Description
src/suricata -r defcon_eth0.dump-fuzz-2010-05-09-19-48-04.slice2 -l lockup/ -c suricata.yaml
coz@coz-desktop:~$ gdb attach 28700
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
attach: No such file or directory.
Attaching to process 28700
Reading symbols from /home/coz/downloads/suricatafuzz2/src/.libs/lt-suricata...done.
Reading symbols from /home/coz/downloads/suricatafuzz2/libhtp/htp/.libs/libhtp-0.2.so.1...done.
Loaded symbols for /home/coz/downloads/suricatafuzz2/libhtp/htp/.libs/libhtp-0.2.so.1
Reading symbols from /usr/lib/libpcap.so.0.8...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libpcap.so.0.8
Reading symbols from /usr/local/lib/libpfring.so...done.
Loaded symbols for /usr/local/lib/libpfring.so
Reading symbols from /usr/lib/libnet.so.1...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libnet.so.1
Reading symbols from /lib/libpthread.so.0...Reading symbols from /usr/lib/debug/lib/libpthread-2.11.1.so...done.
[Thread debugging using libthread_db enabled]
[New Thread 0x7fe7fb7f6710 (LWP 28729)]
[New Thread 0x7fe7fbff7710 (LWP 28728)]
[New Thread 0x7fe7f3ff7710 (LWP 28727)]
[New Thread 0x7fe7fc7f8710 (LWP 28726)]
[New Thread 0x7fe7fcff9710 (LWP 28725)]
[New Thread 0x7fe7fd7fa710 (LWP 28724)]
[New Thread 0x7fe7fdffb710 (LWP 28723)]
[New Thread 0x7fe7fe7fc710 (LWP 28722)]
[New Thread 0x7fe7feffd710 (LWP 28721)]
[New Thread 0x7fe7ff7fe710 (LWP 28720)]
[New Thread 0x7fe7fffff710 (LWP 28719)]
[New Thread 0x7fe804b38710 (LWP 28718)]
[New Thread 0x7fe80533a710 (LWP 28717)]
[New Thread 0x7fe805b3b710 (LWP 28716)]
[New Thread 0x7fe80633c710 (LWP 28715)]
done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /usr/lib/libyaml-0.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libyaml-0.so.2
Reading symbols from /lib/libpcre.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/libpcre.so.3
Reading symbols from /lib/libc.so.6...Reading symbols from /usr/lib/debug/lib/libc-2.11.1.so...done.
done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...Reading symbols from /usr/lib/debug/lib/ld-2.11.1.so...done.
done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
0x00007fe8068ff35d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
82 ../sysdeps/unix/syscall-template.S: No such file or directory.
in ../sysdeps/unix/syscall-template.S
(gdb) info threads
16 Thread 0x7fe80633c710 (LWP 28715) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
15 Thread 0x7fe805b3b710 (LWP 28716) 0x0000000000415ee4 in DecodeIPV6ExtHdrs (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481de "3?\001", len=32, pq=0x18235c0) at decode-ipv6.c:342
14 Thread 0x7fe80533a710 (LWP 28717) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
13 Thread 0x7fe804b38710 (LWP 28718) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
12 Thread 0x7fe7fffff710 (LWP 28719) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
11 Thread 0x7fe7ff7fe710 (LWP 28720) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
10 Thread 0x7fe7feffd710 (LWP 28721) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
9 Thread 0x7fe7fe7fc710 (LWP 28722) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
8 Thread 0x7fe7fdffb710 (LWP 28723) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
7 Thread 0x7fe7fd7fa710 (LWP 28724) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
6 Thread 0x7fe7fcff9710 (LWP 28725) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
5 Thread 0x7fe7fc7f8710 (LWP 28726) pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
4 Thread 0x7fe7f3ff7710 (LWP 28727) 0x00007fe8068ff35d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
3 Thread 0x7fe7fbff7710 (LWP 28728) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:211
2 Thread 0x7fe7fb7f6710 (LWP 28729) pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:211
* 1 Thread 0x7fe807ca0700 (LWP 28700) 0x00007fe8068ff35d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
(gdb) thread 15
[Switching to thread 15 (Thread 0x7fe805b3b710 (LWP 28716))]#0 0x0000000000415ee4 in DecodeIPV6ExtHdrs (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481de "3?\001", len=32, pq=0x18235c0) at decode-ipv6.c:342
342 DECODER_SET_EVENT(p, IPV6_EXTHDR_DUPL_AH);
(gdb) bt full
#0 0x0000000000415ee4 in DecodeIPV6ExtHdrs (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481de "3?\001", len=32, pq=0x18235c0) at decode-ipv6.c:342
orig_pkt = 0x13481de "3?\001"
nh = 51 '3'
hdrextlen = 0 '\000'
plen = 32
dstopts = 0 '\000'
exthdr_fh_done = 0 '\000'
#1 0x000000000041645e in DecodeIPV6 (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481b6 "`", len=72, pq=0x18235c0) at decode-ipv6.c:436
ret = 0
#2 0x0000000000411d5c in DecodeEthernet (tv=0x18234c0, dtv=0x1ae0680, p=0x1348130, pkt=0x13481a8 "3p\377\267\301", <incomplete sequence \336>, len=86, pq=0x18235c0) at decode-ethernet.c:57
No locals.
#3 0x0000000000410f11 in DecodePcapFile (tv=0x18234c0, p=0x1348130, data=0x1ae0680, pq=0x18235c0) at source-pcap-file.c:263
dtv = 0x1ae0680
#4 0x00000000004a51d4 in TmThreadsSlot1 (td=0x18234c0) at tm-threads.c:382
tv = 0x18234c0
s = 0x1823590
p = 0x1348130
run = 1 '\001'
r = TM_ECODE_OK
#5 0x00007fe80702b9ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
res = <value optimized out>
pd = 0x7fe805b3b710
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140634504804112, -7520789658221823630, 0, 0, 0, 0, 7525729108479818098, 7525734477618985330}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0,
cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#6 0x00007fe80693b69d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#7 0x0000000000000000 in ?? ()
No symbol table info available.