Bug #4561

closed

Failed assertion in SMTP SMTPTransactionComplete

Added by Philippe Antoine over 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 5.0, Needs backport to 6.0

Description

Found by my fuzzing before oss-fuzz
Reproducer is
suricata -r smtprst250.pcap -k none -c suricata.yaml
with attached pcap

Stack trace is

fuzz_sigpcap_aware: app-layer-smtp.c:886: void SMTPTransactionComplete(SMTPState *): Assertion `!((state->curr_tx == ((void*)0)))' failed.
    #8 0x7f925e7d1501 in __assert_fail /build/glibc-S9d2JN/glibc-2.27/assert/assert.c:101
    #9 0x6532f3 in SMTPTransactionComplete /root/suricata/src/app-layer-smtp.c:886:5
    #10 0x650e5d in SMTPProcessReply /root/suricata/src/app-layer-smtp.c
    #11 0x64de4b in SMTPParse /root/suricata/src/app-layer-smtp.c:1409:17
    #12 0x64c1af in SMTPParseServerRecord /root/suricata/src/app-layer-smtp.c:1436:12
    #13 0x647983 in AppLayerParserParse /root/suricata/src/app-layer-parser.c:1297:30
    #14 0x841f44 in AppLayerHandleTCPData /root/suricata/src/app-layer.c:699:17
    #15 0x7a781e in ReassembleUpdateAppLayer /root/suricata/src/stream-tcp-reassemble.c:1187:15
    #16 0x7a6dd2 in StreamTcpReassembleAppLayer /root/suricata/src/stream-tcp-reassemble.c:1250:12
    #17 0x7aae70 in StreamTcpReassembleHandleSegmentUpdateACK /root/suricata/src/stream-tcp-reassemble.c:1819:9
    #18 0x7aaa89 in StreamTcpReassembleHandleSegment /root/suricata/src/stream-tcp-reassemble.c:1864:13
    #19 0x795d16 in HandleEstablishedPacketToServer /root/suricata/src/stream-tcp.c:2320:9
    #20 0x77ce07 in StreamTcpPacketStateEstablished /root/suricata/src/stream-tcp.c:2691:13
    #21 0x7706b3 in StreamTcpStateDispatch /root/suricata/src/stream-tcp.c:4714:17
    #22 0x76bb20 in StreamTcpPacket /root/suricata/src/stream-tcp.c:4899:13
    #23 0x7710f3 in StreamTcp /root/suricata/src/stream-tcp.c:5237:11
    #24 0x706b2b in FlowWorkerStreamTCPUpdate /root/suricata/src/flow-worker.c:364:5
    #25 0x70624f in FlowWorker /root/suricata/src/flow-worker.c:524:9
    #26 0x640b9d in LLVMFuzzerTestOneInput /root/suricata/src/tests/fuzz/fuzz_sigpcap_aware.c:164:13


Files

smtprst250.pcap (909 Bytes), Philippe Antoine, 07/14/2021 05:16 PM

Related issues 2 (0 open, 2 closed)

Copied to Suricata - Bug #4638: Failed assertion in SMTP SMTPTransactionComplete (Closed, Shivani Bhardwaj)
Copied to Suricata - Bug #4639: Failed assertion in SMTP SMTPTransactionComplete (Closed, Jeff Lucovsky)