[Oisf-users] Suricata 3.0x SMTP Parsing Segfaults
Jason Holmes
jholmes at psu.edu
Mon Jan 11 16:28:24 UTC 2016
Hi,
I've been seeing segfaults in the 3.0x series (and dev-detect-v173)
coming from the SMTP parsing code. They only occur once every week or
so. I was able to get core files with Suricata 3.0rc3 and
dev-detect-v173 compiled with "-O0 -ggdb". In both backtraces below,
the crashing frame is StoreMimeHeader, called with state=0x0 from
MimeDecParseComplete (itself called with state=0x0 from
SMTPProcessCommandDATA at app-layer-smtp.c:772). I do not have the emails
that were being processed when the segfaults occurred. If there is any
other information you'd like to have regarding these, please let me know.
Thanks,
--
Jason Holmes
1. Backtrace from 3.0rc3:
#0 0x00000000005db9d1 in StoreMimeHeader (state=0x0) at
util-decode-mime.c:829
#1 0x00000000005e0987 in MimeDecParseComplete (state=0x0) at
util-decode-mime.c:2473
#2 0x000000000043ec43 in SMTPProcessCommandDATA (state=0x7f5aa23c6650,
f=0x7f59c5339750,
pstate=0x7f5dcd00cc60) at app-layer-smtp.c:772
#3 0x000000000043fce3 in SMTPProcessRequest (state=0x7f5aa23c6650,
f=0x7f59c5339750,
pstate=0x7f5dcd00cc60) at app-layer-smtp.c:1152
#4 0x000000000043fdbf in SMTPParse (direction=0, f=0x7f59c5339750,
state=0x7f5aa23c6650,
pstate=0x7f5dcd00cc60,
input=0x7f59ed132590 "\n <TR>\r\n <TD valign=3D\"middle\"
style=3D\"font-family:Arial, Helvetica, sans-ser=\r\nif; font-size:11px;
text-align:center; margin-top:10px; margin-bottom:10px;=\r\n\">XXXXXXXX
XXX XXXXXXXXXXX | 321 "..., input_len=489, local_data=0x7f5dcc38fb50)
at app-layer-smtp.c:1185
#5 0x000000000043fe68 in SMTPParseClientRecord (f=0x7f59c5339750,
alstate=0x7f5aa23c6650,
pstate=0x7f5dcd00cc60,
input=0x7f59ed132590 "\n <TR>\r\n <TD valign=3D\"middle\"
style=3D\"font-family:Arial, Helvetica, sans-ser=\r\nif; font-size:11px;
text-align:center; margin-top:10px; margin-bottom:10px;=\r\n\">XXXXXXXX
XXX XXXXXXXXXXX | 321 "..., input_len=489, local_data=0x7f5dcc38fb50)
at app-layer-smtp.c:1208
#6 0x00000000004363b7 in AppLayerParserParse (alp_tctx=0x7f5dcc38f8a0,
f=0x7f59c5339750,
alproto=3, flags=4 '\004',
input=0x7f59ed132590 "\n <TR>\r\n <TD valign=3D\"middle\"
style=3D\"font-family:Arial, Helvetica, sans-ser=\r\nif; font-size:11px;
text-align:center; margin-top:10px; margin-bottom:1
0px;=\r\n\">XXXXXXXX XXX XXXXXXXXXX | 321 "..., input_len=489) at
app-layer-parser.c:908
#7 0x000000000041247b in AppLayerHandleTCPData (tv=0x32f57e60,
ra_ctx=0x7f5dcc38f3e0,
p=0x7f5dcc37bad0, f=0x7f59c5339750, ssn=0x7f59b4537e40,
stream=0x7f59b4537e90,
data=0x7f59ed132590 "\n <TR>\r\n <TD valign=3D\"middle\"
style=3D\"font-family:Arial, Helvetica, sans-ser=\r\nif; font-size:11px;
text-align:center; margin-top:10px; margin-bottom:10px;=\r\n\">XXXXXXXX
XXX XXXXXXXXXXX | 321 "..., data_len=489, flags=4 '\004') at app-layer.c:444
#8 0x00000000005a6cdf in DoReassemble (tv=0x32f57e60,
ra_ctx=0x7f5dcc38f3e0,
ssn=0x7f59b4537e40, stream=0x7f59b4537e90, seg=0x7f5dd07c9930,
rd=0x7f5ddf7fb920,
p=0x7f5dcc37bad0) at stream-tcp-reassemble.c:2635
#9 0x00000000005a7ad5 in StreamTcpReassembleAppLayer (tv=0x32f57e60,
ra_ctx=0x7f5dcc38f3e0,
ssn=0x7f59b4537e40, stream=0x7f59b4537e90, p=0x7f5dcc37bad0) at
stream-tcp-reassemble.c:3028
#10 0x00000000005a85ed in StreamTcpReassembleHandleSegmentUpdateACK
(tv=0x32f57e60,
ra_ctx=0x7f5dcc38f3e0, ssn=0x7f59b4537e40, stream=0x7f59b4537e90,
p=0x7f5dcc37bad0)
at stream-tcp-reassemble.c:3404
#11 0x00000000005a868f in StreamTcpReassembleHandleSegment (tv=0x32f57e60,
ra_ctx=0x7f5dcc38f3e0, ssn=0x7f59b4537e40, stream=0x7f59b4537e48,
p=0x7f5dcc37bad0,
pq=0x7f5dcc38f100) at stream-tcp-reassemble.c:3432
#12 0x00000000005966a1 in HandleEstablishedPacketToClient
(tv=0x32f57e60, ssn=0x7f59b4537e40,
p=0x7f5dcc37bad0, stt=0x7f5dcc38f0f0, pq=0x7f5dcc38f100) at
stream-tcp.c:2245
#13 0x000000000059717e in StreamTcpPacketStateEstablished
(tv=0x32f57e60, p=0x7f5dcc37bad0,
stt=0x7f5dcc38f0f0, ssn=0x7f59b4537e40, pq=0x7f5dcc38f100) at
stream-tcp.c:2489
#14 0x000000000059de63 in StreamTcpPacket (tv=0x32f57e60,
p=0x7f5dcc37bad0, stt=0x7f5dcc38f0f0,
pq=0xb5f41370) at stream-tcp.c:4568
#15 0x000000000059eb40 in StreamTcp (tv=0x32f57e60, p=0x7f5dcc37bad0,
data=0x7f5dcc38f0f0,
pq=0xb5f41370, postpq=0x0) at stream-tcp.c:5064
#16 0x00000000005b7d61 in TmThreadsSlotVarRun (tv=0x32f57e60,
p=0x7f5dcc37bad0, slot=0x60d10f30)
at tm-threads.c:132
#17 0x000000000058106d in TmThreadsSlotProcessPkt (tv=0x32f57e60,
s=0x60d10f30,
p=0x7f5dcc37bad0) at tm-threads.h:149
#18 0x0000000000582e37 in AFPReadFromRing (ptv=0x7f5dcc37c8e0) at
source-af-packet.c:874
#19 0x000000000058419f in ReceiveAFPLoop (tv=0x32f57e60,
data=0x7f5dcc37c8e0, slot=0xc9e59c20)
at source-af-packet.c:1214
#20 0x00000000005b85e1 in TmThreadsSlotPktAcqLoop (td=0x32f57e60) at
tm-threads.c:336
#21 0x00007f5e32df3dc5 in start_thread (arg=0x7f5ddf7fe700) at
pthread_create.c:308
#22 0x00007f5e3291d21d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113
2. Backtrace from dev-detect-v173:
#0 0x00000000005d39f5 in StoreMimeHeader (state=0x0) at
util-decode-mime.c:829
#1 0x00000000005d89ab in MimeDecParseComplete (state=0x0) at
util-decode-mime.c:2473
#2 0x000000000043ecf7 in SMTPProcessCommandDATA (state=0x7fa783e05c00,
f=0x7f991f93b9c0,
pstate=0x7f9d0d9604f0) at app-layer-smtp.c:772
#3 0x000000000043fd97 in SMTPProcessRequest (state=0x7fa783e05c00,
f=0x7f991f93b9c0,
pstate=0x7f9d0d9604f0) at app-layer-smtp.c:1152
#4 0x000000000043fe73 in SMTPParse (direction=0, f=0x7f991f93b9c0,
state=0x7fa783e05c00,
pstate=0x7f9d0d9604f0,
input=0x7fae0f7fb928 "MAIL FROM:<bounceback at isrn.envergin.com>
BODY=8BITMIME ENVID=e823099ddf1d26499d6a3357a4144167\r\nRCPT
TO:<XXXXXX at psu.edu>\r\nDATA\r\nReceived: from (127.0.0.1) by
isrn.envergin.com id hib19u16lt0h for <XXXX"..., input_len=1802,
local_data=0x7fae0038f8f0)
at app-layer-smtp.c:1185
#5 0x000000000043ff1c in SMTPParseClientRecord (f=0x7f991f93b9c0,
alstate=0x7fa783e05c00,
pstate=0x7f9d0d9604f0,
input=0x7fae0f7fb928 "MAIL FROM:<bounceback at isrn.envergin.com>
BODY=8BITMIME ENVID=e823099ddf1d26499d6a3357a4144167\r\nRCPT
TO:<XXXXXX at psu.edu>\r\nDATA\r\nReceived: from (127.0.0.1) by
isrn.envergin.com id hib19u16lt0h for <XXXX"..., input_len=1802,
local_data=0x7fae0038f8f0)
at app-layer-smtp.c:1208
#6 0x000000000043646b in AppLayerParserParse (alp_tctx=0x7fae0038f640,
f=0x7f991f93b9c0,
alproto=3, flags=4 '\004',
input=0x7fae0f7fb928 "MAIL FROM:<bounceback at isrn.envergin.com>
BODY=8BITMIME ENVID=e823099ddf1d26499d6a3357a4144167\r\nRCPT
TO:<XXXXXX at psu.edu>\r\nDATA\r\nReceived: from (127.0.0.1) by
isrn.envergin.com id hib19u16lt0h for <XXXX"..., input_len=1802) at
app-layer-parser.c:908
#7 0x00000000004124ab in AppLayerHandleTCPData (tv=0x1bdca360,
ra_ctx=0x7fae0038f250,
p=0x7fae0037bad0, f=0x7f991f93b9c0, ssn=0x7fadfc3a33c0,
stream=0x7fadfc3a3410,
data=0x7fae0f7fb928 "MAIL FROM:<bounceback at isrn.envergin.com>
BODY=8BITMIME ENVID=e823099ddf1d26499d6a3357a4144167\r\nRCPT
TO:<XXXXXX at psu.edu>\r\nDATA\r\nReceived: from (127.0.0.1) by
isrn.envergin.com id hib19u16lt0h for <XXXX"..., data_len=1802, flags=4
'\004') at app-layer.c:444
#8 0x000000000059fbdb in StreamTcpReassembleAppLayer (tv=0x1bdca360,
ra_ctx=0x7fae0038f250,
ssn=0x7fadfc3a33c0, stream=0x7fadfc3a3410, p=0x7fae0037bad0) at
stream-tcp-reassemble.c:3053
#9 0x00000000005a05ed in StreamTcpReassembleHandleSegmentUpdateACK
(tv=0x1bdca360,
ra_ctx=0x7fae0038f250, ssn=0x7fadfc3a33c0, stream=0x7fadfc3a3410,
p=0x7fae0037bad0)
at stream-tcp-reassemble.c:3404
#10 0x00000000005a068f in StreamTcpReassembleHandleSegment (tv=0x1bdca360,
ra_ctx=0x7fae0038f250, ssn=0x7fadfc3a33c0, stream=0x7fadfc3a33c8,
p=0x7fae0037bad0,
pq=0x7fae0038ef70) at stream-tcp-reassemble.c:3432
#11 0x000000000058e6a1 in HandleEstablishedPacketToClient
(tv=0x1bdca360, ssn=0x7fadfc3a33c0,
p=0x7fae0037bad0, stt=0x7fae0038ef60, pq=0x7fae0038ef70) at
stream-tcp.c:2245
#12 0x000000000058f17e in StreamTcpPacketStateEstablished
(tv=0x1bdca360, p=0x7fae0037bad0,
stt=0x7fae0038ef60, ssn=0x7fadfc3a33c0, pq=0x7fae0038ef70) at
stream-tcp.c:2489
#13 0x0000000000595e63 in StreamTcpPacket (tv=0x1bdca360,
p=0x7fae0037bad0, stt=0x7fae0038ef60,
pq=0x1bdca730) at stream-tcp.c:4568
#14 0x0000000000596b40 in StreamTcp (tv=0x1bdca360, p=0x7fae0037bad0,
data=0x7fae0038ef60,
pq=0x1bdca730, postpq=0x0) at stream-tcp.c:5064
#15 0x00000000005afd85 in TmThreadsSlotVarRun (tv=0x1bdca360,
p=0x7fae0037bad0, slot=0x1bdca5b0)
at tm-threads.c:132
#16 0x000000000057906d in TmThreadsSlotProcessPkt (tv=0x1bdca360,
s=0x1bdca5b0,
p=0x7fae0037bad0) at tm-threads.h:149
#17 0x000000000057ae37 in AFPReadFromRing (ptv=0x7fae0037c8f0) at
source-af-packet.c:874
#18 0x000000000057c19f in ReceiveAFPLoop (tv=0x1bdca360,
data=0x7fae0037c8f0, slot=0x1bdca470)
at source-af-packet.c:1214
#19 0x00000000005b0605 in TmThreadsSlotPktAcqLoop (td=0x1bdca360) at
tm-threads.c:336
#20 0x00007fae3dc18dc5 in start_thread (arg=0x7fae0f7fe700) at
pthread_create.c:308
#21 0x00007fae3d74221d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:113