Bug #5401
tcp: assertion failed in DoInsertSegment (BUG_ON)
Status: Closed
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47951
Regression in recent https://github.com/OISF/suricata/compare/8377b9dc7c846cf5fcd2436dac69ef507f794c4f...2ba9da4815e2be9f45b462e84e5151c66c30008f
Reproducer is /src/suricata -k none -c suricata.yaml -r tcp.pcap --set stream.midstream=true --set stream.reassembly.depth=0 -S poc.rules
with poc.rules being
alert tcp any any -> any any (msg:"SURICATA Exploit 1 Applayer Unexpected protocol"; flow:established; app-layer-event:applayer_unexpected_protocol; flowbits:set,poc; sid:1; rev:1;)
alert http1 any any -> any any (msg:"SURICATA Exploit 2 Exploited"; flow:established; content: "Upgrade"; http.stat_code; content: "101"; flowbits:isset,poc; sid:2; rev:1;)
I guess the rules can be minimized in order not to get ssn->server.flags |= STREAMTCP_STREAM_FLAG_DISABLE_RAW in DetectRunPostGetFirstRuleGroup in detect.c.
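The last paragraph of the report suggests the rules can be minimized. As an added example, not part of the report or of Suricata's own code, the script below does that mechanically: it parses each rule into header and options, then drops whole rules and then single options one at a time, keeping each removal only while an oracle says the assertion still reproduces. The suricata_oracle helper reruns the exact command line from the report for each candidate; the binary and file paths, the output file name poc-min.rules, and the assumption that BUG_ON aborts the process via assert() (so the run ends with SIGABRT and an "Assertion" message on stderr) are mine. The two embedded rules are the ones from poc.rules above.

```python
import re
import subprocess

# The two rules from the report's poc.rules, one per entry.
POC_RULES = [
    'alert tcp any any -> any any (msg:"SURICATA Exploit 1 Applayer Unexpected protocol"; '
    'flow:established; app-layer-event:applayer_unexpected_protocol; flowbits:set,poc; sid:1; rev:1;)',
    'alert http1 any any -> any any (msg:"SURICATA Exploit 2 Exploited"; flow:established; '
    'content: "Upgrade"; http.stat_code; content: "101"; flowbits:isset,poc; sid:2; rev:1;)',
]

# Options a rule must keep to still load; never offered for removal.
REQUIRED = ("msg", "sid", "rev")


def split_rule(rule):
    """Split 'action header (opt; opt; ...)' into (header, [opt, ...]).

    Options are separated on ';' only outside double-quoted strings, so a
    msg or content containing ';' is kept intact.
    """
    m = re.match(r"^(.*?)\s*\((.*)\)\s*$", rule)
    if not m:
        raise ValueError("not a rule: " + rule)
    header, body = m.group(1), m.group(2)
    opts, cur, in_str = [], [], False
    for ch in body:
        if ch == '"' and (not cur or cur[-1] != "\\"):
            in_str = not in_str
        if ch == ";" and not in_str:
            opt = "".join(cur).strip()
            if opt:
                opts.append(opt)
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    if tail:
        opts.append(tail)
    return header, opts


def join_rule(header, opts):
    """Inverse of split_rule: rebuild the rule text with a trailing ';' per option."""
    return header + " (" + " ".join(o + ";" for o in opts) + ")"


def option_name(opt):
    return opt.split(":", 1)[0].strip()


def minimize_rules(rules, still_crashes):
    """Greedy one-at-a-time minimization.

    still_crashes(list_of_rule_strings) -> bool is the oracle. First whole
    rules are dropped, then options inside the surviving rules, keeping a
    removal only when the oracle still reports the crash.
    """
    parsed = [split_rule(r) for r in rules]
    i = 0
    while i < len(parsed):
        if len(parsed) > 1:
            cand = parsed[:i] + parsed[i + 1:]
            if still_crashes([join_rule(h, o) for h, o in cand]):
                parsed = cand
                continue  # same index now points at the next rule
        i += 1
    for idx in range(len(parsed)):
        header, opts = parsed[idx]
        j = 0
        while j < len(opts):
            if option_name(opts[j]) in REQUIRED:
                j += 1
                continue
            cand_opts = opts[:j] + opts[j + 1:]
            cand = list(parsed)
            cand[idx] = (header, cand_opts)
            if still_crashes([join_rule(h, o) for h, o in cand]):
                opts = cand_opts
                parsed[idx] = (header, opts)
            else:
                j += 1
    return [join_rule(h, o) for h, o in parsed]


def suricata_oracle(suricata="/src/suricata", yaml="suricata.yaml",
                    pcap="tcp.pcap", rules_path="poc-min.rules"):
    """Return an oracle that writes the candidate rules and reruns the reproducer from the report.

    Assumption: BUG_ON is assert()-backed, so a hit aborts the process
    (negative returncode from SIGABRT) and prints an 'Assertion' line.
    """
    def run(rules):
        with open(rules_path, "w") as fh:
            fh.write("\n".join(rules) + "\n")
        cmd = [suricata, "-k", "none", "-c", yaml, "-r", pcap,
               "--set", "stream.midstream=true",
               "--set", "stream.reassembly.depth=0", "-S", rules_path]
        p = subprocess.run(cmd, capture_output=True, text=True)
        return p.returncode < 0 or "Assertion" in p.stderr
    return run


if __name__ == "__main__":
    # Runs only where the fuzzer build, suricata.yaml and tcp.pcap exist (assumed paths).
    for r in minimize_rules(POC_RULES, suricata_oracle()):
        print(r)
```

Each accepted removal needs one Suricata run over the pcap, so the whole pass costs at most (number of rules + number of optional options) runs; for the two rules above that is under twenty. Because the oracle keys on the abort rather than on a specific alert, the minimizer will not stop at a rule set that merely alerts without reaching DoInsertSegment.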
Updated by Victor Julien over 2 years ago
- Status changed from New to Assigned
- Priority changed from Normal to High
Updated by Victor Julien over 2 years ago
- Status changed from Assigned to Resolved
- Label Needs backport to 6.0 added
Updated by Victor Julien over 2 years ago
- Status changed from Resolved to Closed
- Label deleted (Needs backport to 6.0)
Updated by Philippe Antoine about 2 years ago
- Related to Bug #5526: tcp: Assertion failed: (!((last_ack_abs < left_edge && StreamTcpInlineMode() == 0 && !f->ffr && ssn->state < TCP_CLOSED))) added