Bug #2368

closed

Conf: Multiple NULL-pointer dereferences after ConfGetBool in StreamTcpInitConfig

Added by Wolfgang Hotwagner about 7 years ago. Updated about 7 years ago.

Status: Closed
Priority: Normal

Description

There are multiple NULL-pointer dereferences after calling ConfGetBool in StreamTcpInitConfig. ConfGetBool calls ConfGet which doesn't check the vptr-argument. This is a sample ASAN-output:

==1453==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f2969b83a28 bp 0x7ffdbf613a90 sp 0x7ffdbf613210 T0)
#0 0x7f2969b83a27 in strcasecmp (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27)
#1 0x564185accefd in ConfValIsTrue /root/suricata-1/src/conf.c:559
#2 0x564185accb4f in ConfGetBool /root/suricata-1/src/conf.c:512
#3 0x564185dcbe05 in StreamTcpInitConfig /root/suricata-1/src/stream-tcp.c:381
#4 0x564185e21a88 in PreRunInit /root/suricata-1/src/suricata.c:2264
#5 0x564185e24d2c in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2763
#6 0x564185e2570e in main /root/suricata-1/src/suricata.c:2898
#7 0x7f29662cb2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
#8 0x5641859b6039 in _start (/usr/local/bin/suricata+0xc8039)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x51a27) in strcasecmp
==1453==ABORTING
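
Added example (not part of the original report and not Suricata's source): a minimal C model of the pattern in the trace above, where a lookup reports success but hands back a NULL value string, with the checks that keep that NULL away from strcasecmp. The names cfg_node, cfg_get, cfg_val_is_true and cfg_get_bool, the sample keys, and the assumption that a key can exist without a value are all hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* Hypothetical config node: a key may be present with no value (val == NULL). */
struct cfg_node { const char *name; const char *val; };

/* Constructed sample configuration. */
static const struct cfg_node cfg[] = {
    { "example.enabled", "yes" },
    { "example.empty",   NULL  },   /* key present, value missing */
};

/* Lookup that reports success whenever the key exists, even if val is NULL. */
static int cfg_get(const char *name, const char **vptr)
{
    for (size_t i = 0; i < sizeof(cfg) / sizeof(cfg[0]); i++) {
        if (strcasecmp(cfg[i].name, name) == 0) {
            *vptr = cfg[i].val;
            return 1;
        }
    }
    return 0;
}

/* Truth test. Without the NULL check, strcasecmp(NULL, ...) is the kind of
 * SEGV shown in frames #0 and #1 of the trace. */
static int cfg_val_is_true(const char *val)
{
    static const char *trues[] = { "1", "yes", "true", "on" };
    if (val == NULL)
        return 0;
    for (size_t i = 0; i < sizeof(trues) / sizeof(trues[0]); i++)
        if (strcasecmp(val, trues[i]) == 0)
            return 1;
    return 0;
}

/* Returns 1 and writes *out only when the key exists AND has a value. */
static int cfg_get_bool(const char *name, int *out)
{
    const char *strval = NULL;
    if (out == NULL || cfg_get(name, &strval) != 1 || strval == NULL)
        return 0;
    *out = cfg_val_is_true(strval);
    return 1;
}

int main(void)
{
    int b = 0;                                   /* caller's default */
    int rc = cfg_get_bool("example.empty", &b);  /* rc == 0, b keeps default */
    printf("rc=%d b=%d\n", rc, b);
    return 0;
}
```

Building a reproducer like this with -fsanitize=address and removing the NULL checks is a quick way to confirm that a report of this kind is a plain NULL read rather than memory corruption.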
