Project

General

Profile

Bug #7176

Updated by Victor Julien 3 months ago

Parser claims to support GAPs, however crashes when receiving one 
 <pre> 
 Thread 53 "W#51" received signal SIGSEGV, Segmentation fault. 
 [Switching to Thread 0x7ffdb17fa640 (LWP 17428)]             
 asn1_rs::ber::parser::parse_identifier (i=...) at src/ber/parser.rs:119 
 119               let mut c = u32::from(i[0] & 0b0001_1111);    
 (gdb) bt 
 #0    asn1_rs::ber::parser::parse_identifier (i=...) at src/ber/parser.rs:119 
 #1    0x0000555555ba623b in asn1_rs::header::{impl#3}::from_ber (bytes=...) at src/header.rs:229 
 #2    0x0000555555bad23a in asn1_rs::asn1_types::any::{impl#2}::from_ber (bytes=...) at src/asn1_types/any.rs:325 
 #3    0x0000555555cefa7f in asn1_rs::traits::{impl#4}::from_ber<asn1_rs::asn1_types::sequence::Sequence, asn1_rs::error::Error> (bytes=...) at /home/victor/.cargo/registry/src/index.crates.io-6f17d22bba15001f/asn1-rs-0.6.1/src/traits.rs:95 
 #4    asn1_rs::asn1_types::sequence::Sequence::from_ber_and_then<ldap_parser::ldap::LdapMessage, ldap_parser::parser::{impl#5}::from_ber::{closure_env#0}, ldap_parser::error::LdapError> (bytes=..., op=...) 
     at /home/victor/.cargo/registry/src/index.crates.io-6f17d22bba15001f/asn1-rs-0.6.1/src/asn1_types/sequence.rs:111 
 #5    0x0000555555b29b19 in ldap_parser::parser::{impl#5}::from_ber (bytes=...) at src/parser.rs:232 
 #6    0x0000555555a49a9d in suricata::ldap::types::ldap_parse_msg (input=...) at src/ldap/types.rs:644 
 #7    suricata::ldap::ldap::LdapState::parse_response (self=0x7ffd64f02580, input=...) at src/ldap/ldap.rs:200 
 #8    suricata::ldap::ldap::SCLdapParseResponse (_flow=<optimized out>, state=0x7ffd64f02580, pstate=<optimized out>, stream_slice=..., _data=<optimized out>) at src/ldap/ldap.rs:337 
 #9    0x00005555556e6066 in AppLayerParserParse (tv=0x5555571aa170, alp_tctx=0x7ffd64df67f0, f=0x7ffd64f55c90, alproto=30, flags=24 '\030', input=0x0, input_len=14400) at app-layer-parser.c:1363 
 #10 0x00005555556ca088 in AppLayerHandleTCPData (tv=0x5555571aa170, ra_ctx=0x7ffd64df10c0, p=0x7ffff0c279d0, f=0x7ffd64f55c90, ssn=0x7ffd64ecc870, stream=0x7ffdb17f8ef8, data=0x0, data_len=14400, flags=24 '\030', app_update_dir=UPDATE_DIR_OPPOSING) at app-layer.c:752 
 </pre> 
 Quick fixup seems to fix it up: 
 <pre><code class="diff"> 
 diff --git a/rust/src/ldap/ldap.rs b/rust/src/ldap/ldap.rs 
 index 0817b4c9f..d696ca10a 100644 
 --- a/rust/src/ldap/ldap.rs 
 +++ b/rust/src/ldap/ldap.rs 
 @@ -402,7 +402,7 @@ pub unsafe extern "C" fn rs_ldap_register_parser() { 
          get_tx_data: SCLdapGetTxData, 
          get_state_data: SCLdapGetStateData, 
          apply_tx_config: None, 
 -          flags: APP_LAYER_PARSER_OPT_ACCEPT_GAPS, 
 +          flags: 0,//APP_LAYER_PARSER_OPT_ACCEPT_GAPS, 
          get_frame_id_by_name: None, 
          get_frame_name_by_id: None, 
      }; 
 </code></pre> 

Back