Actions
Bug #3926
closeddcerpc: Rust panic in handle_common_stub
Affected Versions:
Effort:
Difficulty:
Label:
Description
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ffff41cb8b1 in __GI_abort () at abort.c:79 #2 0x0000000000efdb37 in std::sys::unix::abort_internal () at src/libstd/sys/unix/mod.rs:165 #3 0x0000000000ee79f5 in std::sys_common::util::abort (args=...) at src/libstd/sys_common/util.rs:20 #4 0x0000000000ee2aae in rust_panic (msg=...) at src/libstd/panicking.rs:524 #5 0x0000000000ee2965 in std::panicking::rust_panic_with_hook (payload=..., message=..., location=<optimized out>) at src/libstd/panicking.rs:492 #6 0x0000000000ee242b in rust_begin_unwind (info=0x7fffee9f6e78) at src/libstd/panicking.rs:378 #7 0x0000000000f3c9d1 in core::panicking::panic_fmt (fmt=..., location=0x7fffee9f6a60) at src/libcore/panicking.rs:85 #8 0x0000000000f3c91d in core::panicking::panic (expr=...) at src/libcore/panicking.rs:52 #9 0x0000000000ba154b in suricata::dcerpc::dcerpc::DCERPCState::handle_common_stub (self=0x7fffe0364c60, input=..., bytes_consumed=0, dir=8) at src/dcerpc/dcerpc.rs:829 #10 0x0000000000ba3b1c in suricata::dcerpc::dcerpc::DCERPCState::handle_input_data (self=0x7fffe0364c60, input=..., direction=8) at src/dcerpc/dcerpc.rs:1034 #11 0x0000000000ba47ac in rs_dcerpc_parse_response (_flow=0x25f07a0, state=0x7fffe0364c60, _pstate=0x7fffe0364c20, input=0x7fffe0372db0 "q\032\330\005@", input_len=7284, _data=0x0, flags=8) at src/dcerpc/dcerpc.rs:1133 #12 0x0000000000693e1e in DCERPCParseResponse (f=0x25f07a0, dcerpc_state=0x7fffe0364c60, pstate=0x7fffe0364c20, input=0x7fffe0372db0 "q\032\330\005@", input_len=7284, local_data=0x0, flags=8 '\b') at app-layer-dcerpc.c:76 #13 0x00000000006d6c8d in AppLayerParserParse (tv=0x16894e0, alp_tctx=0x7fffe027e2b0, f=0x25f07a0, alproto=9, flags=8 '\b', input=0x7fffe0372db0 "q\032\330\005@", input_len=7284) at app-layer-parser.c:1233 #14 0x0000000000690b42 in AppLayerHandleTCPData (tv=0x16894e0, ra_ctx=0x7fffe0278b90, p=0x7fffe8197260, f=0x25f07a0, ssn=0x7fffe0358710, stream=0x7fffee9f8198, data=0x7fffe0372db0 "q\032\330\005@", data_len=7284, flags=8 '\b') at app-layer.c:688 #15 0x0000000000880938 in ReassembleUpdateAppLayer (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffee9f8198, p=0x7fffe8197260, dir=UPDATE_DIR_OPPOSING) at stream-tcp-reassemble.c:1167 #16 0x000000000087ff66 in StreamTcpReassembleAppLayer (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffe0358720, p=0x7fffe8197260, dir=UPDATE_DIR_OPPOSING) at stream-tcp-reassemble.c:1228 #17 0x0000000000883375 in StreamTcpReassembleHandleSegmentUpdateACK (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffe0358720, p=0x7fffe8197260) at stream-tcp-reassemble.c:1802 #18 0x0000000000882e3d in StreamTcpReassembleHandleSegment (tv=0x16894e0, ra_ctx=0x7fffe0278b90, ssn=0x7fffe0358710, stream=0x7fffe03587a8, p=0x7fffe8197260, pq=0x7fffe0278888) at stream-tcp-reassemble.c:1845 #19 0x00000000008751e7 in HandleEstablishedPacketToServer (tv=0x16894e0, ssn=0x7fffe0358710, p=0x7fffe8197260, stt=0x7fffe0278880, pq=0x7fffe0278888) at stream-tcp.c:2294 #20 0x000000000085a660 in StreamTcpPacketStateEstablished (tv=0x16894e0, p=0x7fffe8197260, stt=0x7fffe0278880, ssn=0x7fffe0358710, pq=0x7fffe0278888) at stream-tcp.c:2664 #21 0x00000000008508f8 in StreamTcpStateDispatch (tv=0x16894e0, p=0x7fffe8197260, stt=0x7fffe0278880, ssn=0x7fffe0358710, pq=0x7fffe0278888, state=4 '\004') at stream-tcp.c:4672 #22 0x000000000084d61d in StreamTcpPacket (tv=0x16894e0, p=0x7fffe8197260, stt=0x7fffe0278880, pq=0x7fffe0270b50) at stream-tcp.c:4861 #23 0x000000000085127f in StreamTcp (tv=0x16894e0, p=0x7fffe8197260, data=0x7fffe0278880, pq=0x7fffe0270b50) at stream-tcp.c:5197 #24 0x00000000007e18bb in FlowWorkerStreamTCPUpdate (tv=0x16894e0, fw=0x7fffe0270b20, p=0x7fffe8197260, detect_thread=0x0) at flow-worker.c:364 #25 0x00000000007e14e1 in FlowWorker (tv=0x16894e0, p=0x7fffe8197260, data=0x7fffe0270b20) at flow-worker.c:524 #26 0x0000000000891ba4 in TmThreadsSlotVarRun (tv=0x16894e0, p=0x7fffe8197260, slot=0x2660bf0) at tm-threads.c:117 #27 0x00000000008967c6 in TmThreadsSlotVar (td=0x16894e0) at tm-threads.c:452 #28 0x00007ffff6bc46db in start_thread (arg=0x7fffee9f9700) at pthread_create.c:463 #29 0x00007ffff42aca3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 (gdb) f 9 #9 0x0000000000ba154b in suricata::dcerpc::dcerpc::DCERPCState::handle_common_stub (self=0x7fffe0364c60, input=..., bytes_consumed=0, dir=8) at src/dcerpc/dcerpc.rs:829 829 parsed -= input_left; (gdb) p parsed $1 = 5816 (gdb) p input_left $2 = 5832
Updated by Shivani Bhardwaj about 4 years ago
- Status changed from Assigned to In Review
Updated by Shivani Bhardwaj about 4 years ago
In Review PR: https://github.com/OISF/suricata/pull/5438
Updated by Victor Julien about 4 years ago
- Status changed from In Review to Closed
Actions