Bug #5198
closed
eve/stats: ASAN error when eve output file can't be opened.
Description
  - eve-log:
      enabled: yes
      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
      filename: /ev/null
      # Enable for multi-threaded eve.json output; output files are amended with
      # with an identifier, e.g., eve.9.json
      threaded: true
Commandline:
./src/suricata -c suricata.yaml -l tmp --disable-detection -r ~/pcap --runmode=single
Leads to:
$ ./src/suricata -c suricata.yaml -l tmp --disable-detection -r /pcap --runmode=single
[4153800] 20/3/2022 -- 15:24:26 - (suricata.c:1143) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (308b3deb8 2022-03-20) running in USER mode
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153802] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153804] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153806] 20/3/2022 -- 15:24:26 - (util-logopenfile.c:401) <Error> (SCLogOpenFileFp) -- [ERRCODE: SC_ERR_FOPEN(44)] - Error opening file: "/dev/null.1": Permission denied
[4153800] 20/3/2022 -- 15:24:26 - (tm-threads.c:2040) <Notice> (TmThreadWaitOnThreadInit) -- Threads created -> W: 1 FM: 1 FR: 1 Engine started.
^C[4153800] 20/3/2022 -- 15:24:32 - (suricata.c:2806) <Notice> (SuricataMainLoop) -- Signal Received. Stopping engine.
=================================================================
==4153800==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000036040 at pc 0x000000916c1e bp 0x7fc74e6186b0 sp 0x7fc74e6186a8
READ of size 8 at 0x602000036040 thread T5 (CS)
    #0 0x916c1d in OutputJSONMemBufferCallback (/home/victor/dev/suricata/src/suricata+0x916c1d)
    #1 0x7fc754c68ca0 (/lib/x86_64-linux-gnu/libjansson.so.4+0x2ca0)
    #2 0x7fc754c68fbb in json_dump_callback (/lib/x86_64-linux-gnu/libjansson.so.4+0x2fbb)
    #3 0x917bd6 in OutputJSONBuffer (/home/victor/dev/suricata/src/suricata+0x917bd6)
    #4 0x960af8 in JsonStatsLogger (/home/victor/dev/suricata/src/suricata+0x960af8)
    #5 0x96732a in OutputStatsLog (/home/victor/dev/suricata/src/suricata+0x96732a)
    #6 0x6dd5b6 in StatsOutput (/home/victor/dev/suricata/src/suricata+0x6dd5b6)
    #7 0x6d9969 in StatsMgmtThread (/home/victor/dev/suricata/src/suricata+0x6d9969)
    #8 0x7fc754c4b608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8608)
    #9 0x7fc754a3a162 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

0x602000036040 is located 0 bytes to the right of 16-byte region [0x602000036030,0x602000036040)
allocated by thread T5 (CS) here:
    #0 0x58f21d in malloc (/home/victor/dev/suricata/src/suricata+0x58f21d)
    #1 0x615aa4 in SCMallocFunc (/home/victor/dev/suricata/src/suricata+0x615aa4)
    #2 0xbcefbd in LogStatsLogThreadInit (/home/victor/dev/suricata/src/suricata+0xbcefbd)
    #3 0x96780b in OutputStatsLogThreadInit (/home/victor/dev/suricata/src/suricata+0x96780b)
    #4 0x6d9650 in StatsMgmtThread (/home/victor/dev/suricata/src/suricata+0x6d9650)
    #5 0x7fc754c4b608 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8608)

Thread T5 (CS) created by T0 (Suricata-Main) here:
    #0 0x57957c in pthread_create (/home/victor/dev/suricata/src/suricata+0x57957c)
    #1 0x5ddd94 in TmThreadSpawn (/home/victor/dev/suricata/src/suricata+0x5ddd94)
    #2 0x6d8730 in StatsSpawnThreads (/home/victor/dev/suricata/src/suricata+0x6d8730)
    #3 0x979b4b in RunModeDispatch (/home/victor/dev/suricata/src/suricata+0x979b4b)
    #4 0x5c3fb5 in SuricataMain (/home/victor/dev/suricata/src/suricata+0x5c3fb5)
    #5 0x5c0281 in main (/home/victor/dev/suricata/src/suricata+0x5c0281)
    #6 0x7fc75493f0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/victor/dev/suricata/src/suricata+0x916c1d) in OutputJSONMemBufferCallback
Shadow bytes around the buggy address:
  0x0c047fffebb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffebc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffebd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffebe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffebf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c047fffec00: fa fa 00 fa fa fa 00 00[fa]fa 00 00 fa fa 00 00
  0x0c047fffec10: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c047fffec20: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa 00 00
  0x0c047fffec30: fa fa 06 fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffec40: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fffec50: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==4153800==ABORTING
threaded: false works as expected.
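A small triage helper for the report above, added here as an example (it is not Suricata code and not part of the original ticket): it parses an AddressSanitizer heap report and returns the access, the faulting function and the allocation site. The sample is an excerpt of the trace in this ticket with the binary's path shortened; the name `triage` and the list of allocator wrappers to skip are assumptions of this example.

```python
import re

# Excerpt of the ASAN report in this ticket (frames trimmed, binary path shortened).
REPORT = """\
==4153800==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000036040 at pc 0x000000916c1e bp 0x7fc74e6186b0 sp 0x7fc74e6186a8
READ of size 8 at 0x602000036040 thread T5 (CS)
    #0 0x916c1d in OutputJSONMemBufferCallback (suricata+0x916c1d)
    #1 0x7fc754c68ca0 (/lib/x86_64-linux-gnu/libjansson.so.4+0x2ca0)
    #2 0x7fc754c68fbb in json_dump_callback (/lib/x86_64-linux-gnu/libjansson.so.4+0x2fbb)
    #3 0x917bd6 in OutputJSONBuffer (suricata+0x917bd6)
    #4 0x960af8 in JsonStatsLogger (suricata+0x960af8)
0x602000036040 is located 0 bytes to the right of 16-byte region [0x602000036030,0x602000036040)
allocated by thread T5 (CS) here:
    #0 0x58f21d in malloc (suricata+0x58f21d)
    #1 0x615aa4 in SCMallocFunc (suricata+0x615aa4)
    #2 0xbcefbd in LogStatsLogThreadInit (suricata+0xbcefbd)
    #3 0x96780b in OutputStatsLogThreadInit (suricata+0x96780b)
"""

# A frame may lack a symbol name (frame #1 above); record it as "?".
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+(?: in (\S+))? \((.+)\+0x[0-9a-f]+\)$")
# Assumption: allocator wrappers to skip when naming the allocation site.
ALLOC_WRAPPERS = {"malloc", "calloc", "realloc", "SCMallocFunc"}

def triage(report):
    """Return bug class, access, region geometry and both call stacks."""
    out = {"access_stack": [], "alloc_stack": []}
    stack = None  # list that the frame lines currently belong to
    for line in report.splitlines():
        if m := re.search(r"ERROR: AddressSanitizer: (\S+) on address", line):
            out["bug"] = m.group(1)
        elif m := re.match(r"(READ|WRITE) of size (\d+) at", line):
            out["access"], out["size"] = m.group(1), int(m.group(2))
            stack = out["access_stack"]
        # Older ASAN prints "to the right of", newer builds print "after".
        elif m := re.search(r"located (\d+) bytes (.+?)(?: of)? (\d+)-byte region", line):
            out["offset"], out["side"] = int(m.group(1)), m.group(2)
            out["region"] = int(m.group(3))
            stack = None
        elif line.startswith("allocated by thread"):
            stack = out["alloc_stack"]
        elif (m := FRAME.match(line)) and stack is not None:
            stack.append(m.group(2) or "?")
    out["faulting_function"] = (out["access_stack"] or [None])[0]
    out["allocation_site"] = next(
        (f for f in out["alloc_stack"] if f not in ALLOC_WRAPPERS), None)
    return out

if __name__ == "__main__":
    print(triage(REPORT))
```

On this report the helper yields an 8-byte READ at offset 0 past a 16-byte region that was allocated in LogStatsLogThreadInit and read under JsonStatsLogger.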