Bug #612

closed

FreeBSD DIVERT segfault

Added by Jake Guffey about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal

Description

Version: 1.3.2
OS: FreeBSD 9.0-RELEASE (amd64)
Compiled options: IPFW (+DEBUG)

Brief description of problem: Every time I start suricata using IPFW's divert facility, it segfaults and crashes.

Steps to reproduce:
1. Build suricata with the IPFW option enabled
2. Set up basic configuration (copying suricata.yaml.sample to suricata.yaml works well enough)
3. Configure IPFW with a divert rule (ipfw add 2 divert 8000 ip from any to any)
4. Attempt to execute suricata using IPFW divert (suricata -c /path/to/suricata.yaml -d 8000)
5. SIGSEGV

After trying this multiple times, I recompiled with debugging enabled and opened the core dump in gdb. Stepping through, the error occurs within the strcmp() function referenced on line 196 of source-ipfw.c (within IPFWMutexInit()). The offending ASM instruction is "<strcmp+11> mov (%rsi),%dl." Upon execution of this command, it fails every time it's called from IPFWMutexInit(). Perhaps this is evidence of some kind of stack corruption? The segfault is caused by attempting to dereference the pointer stored in %rsi, but not being able to access such memory.

Is there anything I can do to help figure out what's going on and/or how to fix it?

Thanks,
Jake

Actions #1

Updated by Eric Leblond about 12 years ago

Is it possible for you to provide a backtrace? Given the type of error you describe, it should have an explicit result.

Actions #2

Updated by Victor Julien about 12 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Leblond
  • Target version set to 1.3.3

I guess RunmodeGetActive returns an invalid ptr?
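
The crash path this comment points at, as an added example that is not part of the thread and not Suricata's code: a stand-in for the RunmodeGetActive()/IPFWMutexInit() pair named in the backtrace, showing the unchecked strcmp() that faults when the runmode pointer is not a valid string next to a guarded version. The function names mirror the backtrace; everything else (the runmode registry, the use_mutex field, treating NULL as the invalid pointer) is assumed for illustration.

```c
/*
 * Added illustration, not Suricata code. Names follow the backtrace in
 * bug #612; bodies, the runmode registry and the IPFWQueueVars field are
 * assumptions made for this example.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed registry: the active runmode stays NULL until something sets it.
 * An unset (NULL) runmode is one way strcmp() ends up dereferencing an
 * address it cannot read. */
static const char *active_runmode = NULL;

void RunmodeSetActive(const char *name) { active_runmode = name; }
const char *RunmodeGetActive(void) { return active_runmode; }

/* Assumed per-queue state; only the field the decision touches. */
typedef struct {
    int use_mutex;
} IPFWQueueVars;

/* Crash pattern: strcmp() reads its second argument unconditionally, which
 * is the "mov (%rsi),%dl" fault in the report when RunmodeGetActive()
 * returns NULL or garbage. Kept only for contrast; never call it with an
 * unset runmode. */
void IPFWMutexInitUnchecked(IPFWQueueVars *nq)
{
    nq->use_mutex = strcmp("workers", RunmodeGetActive()) != 0;
}

/* Pure decision, separated so it can be tested with literals:
 *  0  -> "workers": receive and verdict share one thread, no lock (assumed)
 *  1  -> any other runmode: keep the mutex
 * -1  -> runmode not available */
int IPFWMutexNeededFor(const char *mode)
{
    if (mode == NULL)
        return -1;
    return strcmp("workers", mode) != 0;
}

/* Guarded init: report an unavailable runmode and fall back to the
 * conservative choice (keep the mutex) instead of dereferencing it.
 * Returns 0 on success, -1 if the runmode was not available. */
int IPFWMutexInitChecked(IPFWQueueVars *nq)
{
    int needed = IPFWMutexNeededFor(RunmodeGetActive());

    nq->use_mutex = 1;                    /* safe default */
    if (needed < 0) {
        fprintf(stderr, "runmode not set; keeping IPFW queue mutex\n");
        return -1;
    }
    nq->use_mutex = needed;
    return 0;
}

/* Drives the queue-level path through the three cases; returns the number
 * of mismatches (0 when every case behaves as expected). */
int RunSelfTest(void)
{
    IPFWQueueVars q = { 1 };
    int failures = 0;

    RunmodeSetActive(NULL);              /* unset: guard reports, no fault */
    if (IPFWMutexInitChecked(&q) != -1 || q.use_mutex != 1) failures++;

    RunmodeSetActive("workers");         /* workers: mutex dropped */
    if (IPFWMutexInitChecked(&q) != 0 || q.use_mutex != 0) failures++;

    RunmodeSetActive("autofp");          /* other runmode: mutex kept */
    if (IPFWMutexInitChecked(&q) != 0 || q.use_mutex != 1) failures++;

    return failures;
}

int main(void)
{
    int failures = RunSelfTest();
    printf("self-test mismatches: %d\n", failures);
    return failures != 0;
}
```

The guard changes nothing when the runmode is a valid string; it only turns the unreadable-pointer case into a logged error with the locking left on, which is the behaviour one wants from thread-init code that cannot yet trust its inputs.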

Actions #3

Updated by Jake Guffey about 12 years ago

Eric Leblond wrote:

Is it possible for you to provide a backtrace? Given the type of error you describe, it should have an explicit result.

$ gdb $(which suricata) suricata.core
...
#0 0x0000000801f16f3b in strcmp () from /lib/libc.so.7
[New Thread 802409400 (LWP 100246/FlowManagerThre)]
[New Thread 802409000 (LWP 100245/Verdict0)]
[New Thread 802408c00 (LWP 100244/Detect3)]
[New Thread 802408800 (LWP 100243/Detect2)]
[New Thread 802408400 (LWP 100242/Detect1)]
[New Thread 802408000 (LWP 100241/Recv-Q8000)]
[New Thread 802407400 (LWP 100060/Suricata-Main)]
(gdb) backtrace
#0 0x0000000801f16f3b in strcmp () from /lib/libc.so.7
#1 0x00000000004251c1 in IPFWMutexInit (nq=0x9df4e0) at source-ipfw.c:196
#2 0x0000000000424892 in ReceiveIPFWThreadInit (tv=0x8048e1900, initdata=0x9df260, data=0x7fffffbfd748) at source-ipfw.c:437
#3 0x00000000005ffa16 in TmThreadsSlotPktAcqLoop (td=0x8048e1900) at tm-threads.c:617
#4 0x00000008017a4274 in pthread_getprio () from /lib/libthr.so.3
#5 0x0000000000000000 in ?? ()
Cannot access memory at address 0x7fffffbfe000

Actions #5

Updated by Victor Julien about 12 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 90 to 100

Merged, thanks!
