Actions
Bug #2078
closedhttp body handling: failed assertion
Affected Versions:
Effort:
Difficulty:
Label:
Description
I have a pcap which crashes Suricata (3.2.1 and latest in master). Log files are produced but the process dies - this happens both when running suricata with the -r flag and the pcap and when running in unix socket mode.
I can provide the pcap upon request.
Output from the console:
suricata: detect-engine-hsbd.c:190: DetectEngineHSBDGetBufferForTX: Assertion `!(htud->response_body.content_len_so_far < htud->response_body.body_inspected)' failed. zsh: abort (core dumped) suricata -c suricata.yaml -l /tmp/ -r
Build info:
This is Suricata version 4.0dev (rev 6307890) Features: DEBUG PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_LIBJANSSON TLS MAGIC SIMD support: SSE_4_2 SSE_4_1 SSE_3 Atomic intrisics: 1 2 4 8 16 byte(s) 64-bits, Little-endian architecture GCC version 6.3.1 20161221 (Red Hat 6.3.1-1), C version 199901 compiled with _FORTIFY_SOURCE=0 L1 cache line size (CLS)=64 thread local storage method: __thread compiled with LibHTP v0.5.23, linked against LibHTP v0.5.23 Suricata Configuration: AF_PACKET support: yes PF_RING support: no NFQueue support: no NFLOG support: no IPFW support: no Netmap support: no DAG enabled: no Napatech enabled: no Unix socket enabled: yes Detection enabled: yes Libmagic support: yes libnss support: no libnspr support: no libjansson support: yes hiredis support: no Prelude support: no PCRE jit: yes LUA support: no libluajit: no libgeoip: no Non-bundled htp: no Old barnyard2 support: no CUDA enabled: no Hyperscan support: no Libnet support: no Suricatasc install: yes Profiling enabled: no Profiling locks enabled: no Development settings: Coccinelle / spatch: no Unit tests enabled: no Debug output enabled: yes Debug validation enabled: no Generic build parameters: Installation prefix: /usr/local Configuration directory: /usr/local/etc/suricata/ Log directory: /usr/local/var/log/suricata/ --prefix /usr/local --sysconfdir /usr/local/etc --localstatedir /usr/local/var Host: x86_64-unknown-linux-gnu Compiler: gcc (exec name) / gcc (real) GCC Protect enabled: no GCC march native enabled: yes GCC Profile enabled: no Position Independent Executable enabled: no CFLAGS -g -O2 -march=native PCAP_CFLAGS SECCFLAGS
Updated by Victor Julien almost 8 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 70
Updated by Victor Julien over 7 years ago
This happens when the libhtp settings contain:
# Can be specified in kb, mb, gb. Just a number indicates # it's in bytes. request-body-limit: 0 response-body-limit: 0 # inspection limits request-body-minimal-inspect-size: 0 request-body-inspect-window: 0 response-body-minimal-inspect-size: 0 response-body-inspect-window: 0
Updated by Victor Julien over 7 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 4.0beta1
Updated by Victor Julien over 7 years ago
- Subject changed from Suricata core dumps after failed assertion to http body handling: failed assertion
Actions