Project

General

Profile

Actions

Bug #2347

closed

conf: use of NULL-pointer in DetectLoadCompleteSigPath

Added by Wolfgang Hotwagner about 7 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The "sig_file" argument of DetectLoadCompleteSigPath() is not checked for NULL-values. If this argument is NULL a SEGV occurs because of a dereferenced NULL-pointer in strlen in PathIsAbsolute(through PathIsRelative). Here is the ASAN-output:

=================================================================
17170ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fd1afa00646 bp 0x7ffe8398e6d0 sp 0x7ffe8398de58 T0)
#0 0x7fd1afa00645 in strlen (/lib/x86_64-linux-gnu/libc.so.6+0x80645)
#1 0x7fd1b3242eec (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x3beec)
#2 0x5561c8cddf7f in PathIsAbsolute /root/suricata-1/src/util-path.c:40
#3 0x5561c8cddfea in PathIsRelative /root/suricata-1/src/util-path.c:65
#4 0x5561c89275e4 in DetectLoadCompleteSigPath /root/suricata-1/src/detect.c:264
#5 0x5561c8929e75 in SigLoadSignatures /root/suricata-1/src/detect.c:486
#6 0x5561c8c0f2b3 in LoadSignatures /root/suricata-1/src/suricata.c:2419
#7 0x5561c8c1051d in PostConfLoadedDetectSetup /root/suricata-1/src/suricata.c:2550
#8 0x5561c8c12424 in main /root/suricata-1/src/suricata.c:2887
#9 0x7fd1af9a02b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#10 0x5561c87b31a9 in _start (/usr/local/bin/suricata+0xc51a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x80645) in strlen
17170ABORTING

Actions

Also available in: Atom PDF