Project

General

Profile

Actions

Bug #915

closed

1.4.3: log-pcap.c: crash on printing a null filename

Added by Mark Solaris over 11 years ago. Updated about 11 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

This part of log-pcap.c:

   264      if (pl->filename == NULL) {
   265          SCLogDebug("Opening PCAP log file %s", pl->filename);
   266          ret = PcapLogOpenFileCtx(pl);
   267          if (ret < 0) {
   268              SCMutexUnlock(&pl->plog_lock);
   269              return TM_ECODE_FAILED;
   270          }
   271      }

does this:

t@2 (l@2) signal SEGV (no mapping at the fault address) in strlen at 0xffffffff7d93c750
0xffffffff7d93c750: strlen+0x0050:      ld       [%o2], %o1
Current function is PcapLog
  265           SCLogDebug("Opening PCAP log file %s", pl->filename);

(dbx) print *pl
*pl = {
    size_current     = 0
    size_limit       = 1048576000U
    h                = 0x103b44580
    filename         = (nil)
    file_cnt         = 1U
    max_files        = 2000U
    pkt_cnt          = 1U
    prev_day         = 1
    pcap_dead_handle = (nil)
    pcap_dumper      = (nil)
    prefix           = 0x103a43f00 "log.pcap" 
    mode             = 0
    use_ringbuffer   = 1
    timestamp_format = 0
    use_stream_depth = 0
    dir              = "/apps/ids/suricata/logs" 
    plog_lock        = {
        __pthread_mutex_flags = {
            __pthread_mutex_flag1   = 4U
            __pthread_mutex_flag2   = '\0'
            __pthread_mutex_ceiling = '\0'
            __pthread_mutex_type    = 0
            __pthread_mutex_magic   = 19800U
        }
        __pthread_mutex_lock  = {
            __pthread_mutex_lock64  = {
                __pthread_mutex_pad = "" 
            }
            __pthread_mutex_lock32  = {
                __pthread_ownerpid = 0
                __pthread_lockword = 4278190080U
            }
            __pthread_mutex_owner64 = 4278190080U
        }
        __pthread_mutex_data  = 18446744071531661888U
    }
    pcap_file_list   = {
        tqh_first = (nil)
        tqh_last  = 0x10399c628
    }
}

I'd suggest the SCLogDebug in line 265 isn't what was meant to be there since the pl->filename tested as NULL.

Actions #1

Updated by Anoop Saldanha over 11 years ago

  • Assignee set to Anoop Saldanha
  • Target version set to 2.0beta2
Actions #2

Updated by Victor Julien about 11 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100
Actions

Also available in: Atom PDF