Project

General

Profile

Actions
Copy link

Bug #3576

closed

Segfault when facing malformed SNMP rules

Added by Jeff Lucovsky over 4 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
5.0.3
Affected Versions:
Effort:
Difficulty:
Label:

Description

In the current 6.0.0 master, Suricata segfaults during rule parsing when facing invalid SNMP rules, e.g.:

alert snmp any any -> any any (msg:"SNMP test1"; snmp.version; sid:1000003;)
alert snmp any any -> any any (msg:"SNMP test2"; snmp.pdu_type; sid:1000007;)

leads to:

[10855] 20/2/2020 -- 10:53:13 - (suricata.c:1068) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (73bd9e25f 2020-02-19) running in USER mode
[10855] 20/2/2020 -- 10:53:13 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log
[10855] 20/2/2020 -- 10:53:13 - (util-classification-config.c:365) <Info> (SCClassConfParseFile) -- Added "43" classification types from the classification file
[10855] 20/2/2020 -- 10:53:13 - (util-reference-config.c:340) <Info> (SCRConfParseFile) -- Added "19" reference types from the reference.config file
zsh: segmentation fault (core dumped)

I have a patch available and can provide a PR soon.

Related issues 1 (0 open1 closed)

Copied from Suricata - Bug #3490: Segfault when facing malformed SNMP rulesClosedSascha SteinbissActions
Actions
Copy link

Also available in: Atom PDF