Bug #2275
Updated by Victor Julien almost 7 years ago
If there are empty values in the config file where integer values are expected, strtoimax in the ConfGetInt function will segfault because of a NULL-pointer dereference.

Here is a configuration example:

<pre>
pcre.match-limit: []
</pre>

This will make Suricata crash with a segfault.

ASAN output:

<pre>
ASAN:DEADLYSIGNAL
=================================================================
==16951==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7fa690e3ccc5 bp 0x000000000000 sp 0x7ffd0d770ad0 T0)
    #0 0x7fa690e3ccc4 (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)
    #1 0x7fa6946a6534 in strtoimax (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x44534)
    #2 0x55e0aeba6499 in ConfGetInt /root/suricata-1/src/conf.c:390
    #3 0x55e0aed2545d in DetectPcreRegister /root/suricata-1/src/detect-pcre.c:99
    #4 0x55e0aec1b4ce in SigTableSetup /root/suricata-1/src/detect.c:3783
    #5 0x55e0aeeed58d in PostConfLoadedSetup /root/suricata-1/src/suricata.c:2690
    #6 0x55e0aeeee4f2 in main /root/suricata-1/src/suricata.c:2892
    #7 0x7fa690e262b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #8 0x55e0aea92d39 in _start (/usr/local/bin/suricata+0xc7d39)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x36cc4)
</pre>
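The failure mode reported above, shown as an added example with the guard that prevents it. This is not Suricata's code or its actual fix: `ExNode`, `ex_lookup`, `ex_conf_get_int` and the `example.*` keys are hypothetical, and it assumes that a non-scalar value such as `[]` leaves the node's value pointer NULL.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical config node: a sequence such as "[]" carries no scalar
 * value, so val is NULL (assumption, modelled on the report above). */
typedef struct { const char *name; const char *val; } ExNode;

/* Constructed sample configuration, not taken from a real suricata.yaml. */
static const ExNode sample_conf[] = {
    { "pcre.match-limit", NULL },      /* pcre.match-limit: []   */
    { "example.valid",    "1500" },
    { "example.trailing", "12abc" },
    { "example.empty",    "" },
};

static const char *ex_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(sample_conf) / sizeof(sample_conf[0]); i++)
        if (strcmp(sample_conf[i].name, name) == 0)
            return sample_conf[i].val;
    return NULL;                       /* unknown key */
}

/* Returns 1 and stores the parsed value in *out; returns 0 on any failure
 * and leaves *out untouched. strtoimax is never reached with a NULL string. */
int ex_conf_get_int(const char *name, intmax_t *out)
{
    const char *s = ex_lookup(name);
    char *end = NULL;

    if (s == NULL || *s == '\0')       /* missing, non-scalar or empty value */
        return 0;
    errno = 0;
    intmax_t v = strtoimax(s, &end, 0);
    if (errno == ERANGE || end == s || *end != '\0')
        return 0;                      /* overflow, no digits, trailing junk */
    *out = v;
    return 1;
}

int main(void)
{
    const char *keys[] = { "pcre.match-limit", "example.valid", "example.trailing" };
    for (size_t i = 0; i < sizeof(keys) / sizeof(keys[0]); i++) {
        intmax_t v = 0;
        int ok = ex_conf_get_int(keys[i], &v);
        printf("%s: %s (%jd)\n", keys[i], ok ? "ok" : "rejected", v);
    }
    return 0;
}
```

Rejecting the value with an error return lets the caller log the offending key and fall back to a default instead of crashing at startup.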