[Oisf-devel] Segmentation faults

Ashwin Paranjpe ashwin1985 at gmail.com
Thu Aug 26 20:31:22 UTC 2010


Observed 2 segmentation faults while using Suricata. The traffic used for
the test was a (large) merged pcap of multiple pcaps available on pcapr.net.
Although that pcap cannot be retrieved and shared, I have noted some
preliminary GDB analysis that might help identify the issues.


1) Segmentation fault occurred at "libhtp/htp/htp_response_generic.c", line 279
Code: size_t len = bstr_len(tx->response_line);

(gdb) p tx->response_line
$24 = (bstr *) 0x0
(gdb) p tx->response_line.ptr
Cannot access memory at 0x0
Macro bstr_len tried to dereference a NULL pointer (response_line)



2) Segmentation fault occurred at "src/detect-http-method.c", line 697
Code: for(idx = 0; idx < list_size(hs->connp->conn->transactions); idx++)

The pointer "hs" is NULL, and is being dereferenced. Suricata does have a
check to detect whether this ptr is NULL.
However, the check is performed before acquiring a semaphore. Apparently,
things change by the time the semaphore is acquired.
Perhaps, the checks need to be performed before and after the semaphore
operation.

-Ashwin.
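The two crash patterns described in the report, as an added example that is not Suricata's or libhtp's own code. The names (bstr_model, htp_state_model, shared_state, count_tx_check_before_lock, count_tx_check_under_lock, teardown_hs, demo) are hypothetical, a pthread mutex stands in for the semaphore the report mentions, and the "other thread" is driven through a hook so the interleaving is deterministic. The first part shows a NULL-tolerant length helper for issue 1; the second contrasts the check-then-lock ordering from issue 2 with the ordering where the pointer is validated after the lock is held.

```c
/* Added example, not Suricata/libhtp code. Models the two reported crashes:
 * 1) bstr_len() applied to a NULL response_line, and
 * 2) a NULL check on a shared pointer done BEFORE taking the lock that
 *    protects it, leaving a window in which another thread clears it. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

/* ---- Issue 1: a bstr-like string and an unguarded length macro ---------- */
typedef struct { size_t len; const char *ptr; } bstr_model;   /* hypothetical */
#define BSTR_LEN_UNCHECKED(b) ((b)->len)   /* dereferences blindly, like the crash */

/* NULL-tolerant variant: a transaction with no response line has length 0. */
size_t safe_bstr_len(const bstr_model *b) {
    return b ? b->len : 0;
}

/* ---- Issue 2: per-flow HTTP state that another thread may tear down ----- */
typedef struct { int tx_count; } htp_state_model;              /* hypothetical */

typedef struct {
    pthread_mutex_t lock;
    htp_state_model *hs;   /* may be set to NULL by another thread, under lock */
} shared_state;

/* Hook standing in for "the other thread ran here". The demo calls it at the
 * interleaving point instead of relying on real scheduling. */
typedef void (*interleave_fn)(shared_state *);

/* Ordering from the report: NULL check, then lock, then dereference. */
int count_tx_check_before_lock(shared_state *s, interleave_fn other_thread) {
    if (s->hs == NULL)                    /* check made without the lock ... */
        return -1;
    if (other_thread) other_thread(s);    /* ... window in which hs can change */
    pthread_mutex_lock(&s->lock);
    /* In the real code hs->connp->conn->transactions is read here. A NULL hs
     * would segfault; the demo reports -2 instead of crashing. */
    int n = (s->hs == NULL) ? -2 : s->hs->tx_count;
    pthread_mutex_unlock(&s->lock);
    return n;
}

/* Hardened ordering: take the lock first, then validate what it protects. */
int count_tx_check_under_lock(shared_state *s, interleave_fn other_thread) {
    if (other_thread) other_thread(s);    /* same interleaving point, now harmless */
    pthread_mutex_lock(&s->lock);
    int n = (s->hs == NULL) ? -1 : s->hs->tx_count;   /* -1: state gone, handled */
    pthread_mutex_unlock(&s->lock);
    return n;
}

/* Simulated concurrent teardown: the flow's HTTP state disappears under lock. */
void teardown_hs(shared_state *s) {
    pthread_mutex_lock(&s->lock);
    s->hs = NULL;
    pthread_mutex_unlock(&s->lock);
}

/* Runs one scenario on constructed state with 3 transactions.
 * hardened: which ordering to use; race: whether teardown runs in the window.
 * Returns 3 (no race), -1 (NULL seen and handled) or -2 (would have crashed). */
int demo(int hardened, int race) {
    htp_state_model state = { 3 };
    shared_state s = { PTHREAD_MUTEX_INITIALIZER, &state };
    interleave_fn other = race ? teardown_hs : NULL;
    return hardened ? count_tx_check_under_lock(&s, other)
                    : count_tx_check_before_lock(&s, other);
}

int main(void) {
    printf("safe_bstr_len(NULL)         = %zu\n", safe_bstr_len(NULL));
    printf("check before lock, no race  = %d\n", demo(0, 0));
    printf("check before lock, race     = %d  (-2: NULL dereference)\n", demo(0, 1));
    printf("check under lock,  race     = %d  (-1: handled)\n", demo(1, 1));
    return 0;
}
```

The point of the hardened ordering is that the NULL check and the dereference happen under the same critical section as the teardown, so the value checked is the value used; a check made before the lock only says what the pointer was at some earlier instant.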