[Bro-Dev] [JIRA] (BIT-1459) bro segfaults at analyzer::mime::MIME_Entity::ParseFieldParameters

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Fri Aug 28 13:40:02 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1459:
-------------------------------
      Status: Merge Request  (was: Open)
    Assignee:     (was: Johanna Amann)

> bro segfaults at  analyzer::mime::MIME_Entity::ParseFieldParameters
> -------------------------------------------------------------------
>
>                 Key: BIT-1459
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1459
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>         Environment: 2xXeon E5540, 64GB RAM, Linux 3.18.11, PF_RING 6.0.3 ZC (zbalance_ipc), bro cluster
>            Reporter: Alexander Zatserkovnyy
>              Labels: mime
>
> bro worker segfaults occurred from time to time after the upgrade to bro 2.4-78. Looks like the problem arises in analyzer::mime::MIME_Entity::ParseFieldParameters (/usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:126). A couple of core listings follow:
> Core was generated by `/usr/local/bin/bro -i zc:99@2 -U .status -p broctl -p broctl-live -p local -p w'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  analyzer::mime::MIME_Entity::ParseFieldParameters (this=this@entry=0x8aae540, len=16, len@entry=27, data=0x2447faec "(UploadBoundary)", data@entry=0x2447fae1 "; boundary=(UploadBoundary)")
>     at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:126
> 126     static data_chunk_t get_data_chunk(BroString* s)
> (gdb) backtrace
> #0  analyzer::mime::MIME_Entity::ParseFieldParameters (this=this@entry=0x8aae540, len=16, len@entry=27, data=0x2447faec "(UploadBoundary)", data@entry=0x2447fae1 "; boundary=(UploadBoundary)")
>     at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:126
> #1  0x0000000000769f7c in analyzer::mime::MIME_Entity::ParseContentTypeField (this=this@entry=0x8aae540, h=h@entry=0x521ddc0) at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:799
> #2  0x000000000076a1d1 in analyzer::mime::MIME_Entity::ParseMIMEHeader (this=this@entry=0x8aae540, h=h@entry=0x521ddc0) at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:763
> #3  0x000000000076b638 in analyzer::mime::MIME_Entity::FinishHeader (this=this@entry=0x8aae540) at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:735
> #4  0x000000000076b821 in analyzer::mime::MIME_Entity::NewHeader (this=0x8aae540, len=13, data=0x1704a3c0 "Host: fegi.ru") at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:699
> #5  0x0000000000721490 in analyzer::http::HTTP_Analyzer::DeliverStream (this=0xbd9f080, len=13, data=0x1704a3c0 "Host: fegi.ru", is_orig=<optimized out>)
>     at /usr/src/other/bro/src/analyzer/protocol/http/HTTP.cc:1038
> #6  0x00000000007f0ded in analyzer::tcp::ContentLine_Analyzer::DoDeliverOnce (this=this@entry=0x14fbe090, len=<optimized out>, len@entry=84, data=<optimized out>, 
>     data@entry=0xcd56528 "Host: fegi.ru\r\nContent-Length: 185\r\nExpect: 100-continue\r\nConnection: Keep-Alive\r\n\r\n") at /usr/src/other/bro/src/analyzer/protocol/tcp/ContentLine.cc:258
> #7  0x00000000007f0fbb in analyzer::tcp::ContentLine_Analyzer::DoDeliver (this=0x14fbe090, len=84, 
>     data=0xcd56528 "Host: fegi.ru\r\nContent-Length: 185\r\nExpect: 100-continue\r\nConnection: Keep-Alive\r\n\r\n") at /usr/src/other/bro/src/analyzer/protocol/tcp/ContentLine.cc:200
> #8  0x00000000007f07b0 in analyzer::tcp::ContentLine_Analyzer::DeliverStream (this=0x14fbe090, len=<optimized out>, 
>     data=0xcd563c0 "POST /wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-content/uploads/ HTTP/1.1\r\nReferer: http://fegi.ru/wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-conte"..., is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/protocol/tcp/ContentLine.cc:108
> #9  0x0000000000861216 in analyzer::Analyzer::NextStream (this=0x14fbe090, len=444, 
>     data=0xcd563c0 "POST /wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-content/uploads/ HTTP/1.1\r\nReferer: http://fegi.ru/wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-conte"..., is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/Analyzer.cc:245
> #10 0x00000000008619a6 in analyzer::Analyzer::ForwardStream (this=0x14ea0000, len=444, 
>     data=0xcd563c0 "POST /wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-content/uploads/ HTTP/1.1\r\nReferer: http://fegi.ru/wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-conte"..., is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/Analyzer.cc:331
> #11 0x00000000007efb49 in analyzer::tcp::TCP_Reassembler::DeliverBlock (this=this@entry=0xc6d7800, seq=seq@entry=1, len=len@entry=444, 
>     data=0xcd563c0 "POST /wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-content/uploads/ HTTP/1.1\r\nReferer: http://fegi.ru/wp-content/themes/ProjectTheme/lib/upload_main/upload.php?folder=/wp-conte"...) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Reassembler.cc:650
> #12 0x00000000007efe79 in analyzer::tcp::TCP_Reassembler::BlockInserted (this=0xc6d7800, start_block=<optimized out>) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Reassembler.cc:396
> #13 0x00000000007ef9cc in analyzer::tcp::TCP_Reassembler::DataSent (this=0xc6d7800, t=<optimized out>, seq=<optimized out>, len=<optimized out>, len@entry=444, data=<optimized out>, 
>     data@entry=0x7f5b768985b6 <error: Cannot access memory at address 0x7f5b768985b6>, replaying=replaying@entry=true) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Reassembler.cc:495
> #14 0x00000000007ee341 in analyzer::tcp::TCP_Endpoint::DataSent (this=this@entry=0x710d620, t=<optimized out>, seq=seq@entry=1, len=444, caplen=444, 
>     data=0x7f5b768985b6 <error: Cannot access memory at address 0x7f5b768985b6>, ip=ip@entry=0x7ffcb14c4f90, tp=tp@entry=0x7f5b768985a2)
>     at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Endpoint.cc:207
> #15 0x00000000007eba12 in DeliverData (flags=..., is_orig=<optimized out>, rel_data_seq=1, endpoint=0x710d620, tp=0x7f5b768985a2, ip=0x7ffcb14c4f90, caplen=<optimized out>, len=<optimized out>, 
>     data=<optimized out>, t=<optimized out>, this=0x14ea0000) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP.cc:982
> #16 analyzer::tcp::TCP_Analyzer::DeliverPacket (this=0x14ea0000, len=444, data=0x7f5b768985b6 <error: Cannot access memory at address 0x7f5b768985b6>, is_orig=<optimized out>, seq=<optimized out>, 
>     ip=0x7ffcb14c4f90, caplen=444) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP.cc:1382
> #17 0x00000000008610c2 in analyzer::Analyzer::NextPacket (this=0x14ea0000, len=464, data=0x7f5b768985a2 <error: Cannot access memory at address 0x7f5b768985a2>, is_orig=<optimized out>, 
>     seq=18446744073709551615, ip=0x7ffcb14c4f90, caplen=464) at /usr/src/other/bro/src/analyzer/Analyzer.cc:222
> #18 0x000000000056979d in Connection::NextPacket (this=this@entry=0x1d1b6540, t=t@entry=1439902857.1053071, is_orig=is_orig@entry=1, ip=ip@entry=0x7ffcb14c4f90, len=len@entry=464, 
>     caplen=caplen@entry=464, data=@0x7ffcb14c4e08: 0x7f5b768985a2 <error: Cannot access memory at address 0x7f5b768985a2>, record_packet=<optimized out>, record_content=<optimized out>, 
>     pkt=<optimized out>, pkt@entry=0x2821530) at /usr/src/other/bro/src/Conn.cc:260
> #19 0x00000000006038a0 in NetSessions::DoNextPacket (this=this@entry=0x2d603c0, t=t@entry=1439902857.1053071, pkt=pkt@entry=0x2821530, ip_hdr=ip_hdr@entry=0x7ffcb14c4f90, 
>     encapsulation=encapsulation@entry=0x0) at /usr/src/other/bro/src/Sessions.cc:735
> #20 0x0000000000604824 in NetSessions::NextPacket (this=0x2d603c0, t=t@entry=1439902857.1053071, pkt=pkt@entry=0x2821530) at /usr/src/other/bro/src/Sessions.cc:207
> #21 0x00000000005d456f in net_packet_dispatch (t=1439902857.1053071, pkt=pkt@entry=0x2821530, src_ps=src_ps@entry=0x2821500) at /usr/src/other/bro/src/Net.cc:273
> #22 0x0000000000834539 in iosource::PktSrc::Process (this=0x2821500) at /usr/src/other/bro/src/iosource/PktSrc.cc:265
> #23 0x00000000005d4a0f in net_run () at /usr/src/other/bro/src/Net.cc:321
> #24 0x00000000005346dc in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/other/bro/src/main.cc:1191
> ---------------------------------------------------------------------------------------------------------------------
> #0  analyzer::mime::MIME_Entity::ParseFieldParameters (this=this@entry=0x16141d40, len=0, len@entry=11, data=0x1c0d0e9c "", data@entry=0x1c0d0e91 "; boundary=")
>     at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:126
> #1  0x0000000000769f7c in analyzer::mime::MIME_Entity::ParseContentTypeField (this=this@entry=0x16141d40, h=h@entry=0x1a46c740) at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:799
> #2  0x000000000076a1d1 in analyzer::mime::MIME_Entity::ParseMIMEHeader (this=this@entry=0x16141d40, h=h@entry=0x1a46c740) at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:763
> #3  0x000000000076b638 in analyzer::mime::MIME_Entity::FinishHeader (this=this@entry=0x16141d40) at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:735
> #4  0x000000000076b821 in analyzer::mime::MIME_Entity::NewHeader (this=0x16141d40, len=175, 
>     data=0xd0dee00 "User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; s4507 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 YaBrowser/15.4.2272.3842.00 Mobile Safari/537.36")
>     at /usr/src/other/bro/src/analyzer/protocol/mime/MIME.cc:699
> #5  0x0000000000721490 in analyzer::http::HTTP_Analyzer::DeliverStream (this=0xe7c4080, len=175, 
>     data=0xd0dee00 "User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; s4507 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 YaBrowser/15.4.2272.3842.00 Mobile Safari/537.36", 
>     is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/protocol/http/HTTP.cc:1038
> #6  0x00000000007f0ded in analyzer::tcp::ContentLine_Analyzer::DoDeliverOnce (this=this@entry=0xe806450, len=<optimized out>, len@entry=265, data=<optimized out>, 
>     data@entry=0x21c2647 "User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; s4507 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 YaBrowser/15.4.2272.3842.00 Mobile Safari/537.36\r\nAccept-Encoding: gzip, "...) at /usr/src/other/bro/src/analyzer/protocol/tcp/ContentLine.cc:258
> #7  0x00000000007f0fbb in analyzer::tcp::ContentLine_Analyzer::DoDeliver (this=0xe806450, len=265, 
>     data=0x21c2647 "User-Agent: Mozilla/5.0 (Linux; Android 4.1.2; s4507 Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 YaBrowser/15.4.2272.3842.00 Mobile Safari/537.36\r\nAccept-Encoding: gzip, "...) at /usr/src/other/bro/src/analyzer/protocol/tcp/ContentLine.cc:200
> #8  0x00000000007f07b0 in analyzer::tcp::ContentLine_Analyzer::DeliverStream (this=0xe806450, len=<optimized out>, 
>     data=0x21c2580 "POST /submit HTTP/1.1\r\nHost: crash-reports.browser.yandex.net\r\nConnection: keep-alive\r\nContent-Length: 32768\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: multipart/form-data; boundary=\r\nU"..., is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/protocol/tcp/ContentLine.cc:108
> #9  0x0000000000861216 in analyzer::Analyzer::NextStream (this=0xe806450, len=464, 
>     data=0x21c2580 "POST /submit HTTP/1.1\r\nHost: crash-reports.browser.yandex.net\r\nConnection: keep-alive\r\nContent-Length: 32768\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: multipart/form-data; boundary=\r\nU"..., is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/Analyzer.cc:245
> #10 0x00000000008619a6 in analyzer::Analyzer::ForwardStream (this=0xb172f20, len=464, 
>     data=0x21c2580 "POST /submit HTTP/1.1\r\nHost: crash-reports.browser.yandex.net\r\nConnection: keep-alive\r\nContent-Length: 32768\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: multipart/form-data; boundary=\r\nU"..., is_orig=<optimized out>) at /usr/src/other/bro/src/analyzer/Analyzer.cc:331
> #11 0x00000000007efb49 in analyzer::tcp::TCP_Reassembler::DeliverBlock (this=this@entry=0x167805a0, seq=seq@entry=1, len=len@entry=464, 
>     data=0x21c2580 "POST /submit HTTP/1.1\r\nHost: crash-reports.browser.yandex.net\r\nConnection: keep-alive\r\nContent-Length: 32768\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Type: multipart/form-data; boundary=\r\nU"...) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Reassembler.cc:650
> #12 0x00000000007efe79 in analyzer::tcp::TCP_Reassembler::BlockInserted (this=0x167805a0, start_block=<optimized out>) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Reassembler.cc:396
> #13 0x00000000007ef9cc in analyzer::tcp::TCP_Reassembler::DataSent (this=0x167805a0, t=<optimized out>, seq=<optimized out>, len=<optimized out>, len@entry=464, data=<optimized out>, 
>     data@entry=0x7f9c1b006442 <error: Cannot access memory at address 0x7f9c1b006442>, replaying=replaying@entry=true) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Reassembler.cc:495
> #14 0x00000000007ee341 in analyzer::tcp::TCP_Endpoint::DataSent (this=this@entry=0x4bb1fb0, t=<optimized out>, seq=seq@entry=1, len=464, caplen=464, 
>     data=0x7f9c1b006442 <error: Cannot access memory at address 0x7f9c1b006442>, ip=ip@entry=0x7fff4034c130, tp=tp@entry=0x7f9c1b006422)
>     at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP_Endpoint.cc:207
> #15 0x00000000007eba12 in DeliverData (flags=..., is_orig=<optimized out>, rel_data_seq=1, endpoint=0x4bb1fb0, tp=0x7f9c1b006422, ip=0x7fff4034c130, caplen=<optimized out>, len=<optimized out>, 
>     data=<optimized out>, t=<optimized out>, this=0xb172f20) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP.cc:982
> #16 analyzer::tcp::TCP_Analyzer::DeliverPacket (this=0xb172f20, len=464, data=0x7f9c1b006442 <error: Cannot access memory at address 0x7f9c1b006442>, is_orig=<optimized out>, seq=<optimized out>, 
>     ip=0x7fff4034c130, caplen=464) at /usr/src/other/bro/src/analyzer/protocol/tcp/TCP.cc:1382
> #17 0x00000000008610c2 in analyzer::Analyzer::NextPacket (this=0xb172f20, len=496, data=0x7f9c1b006422 <error: Cannot access memory at address 0x7f9c1b006422>, is_orig=<optimized out>, 
>     seq=18446744073709551615, ip=0x7fff4034c130, caplen=496) at /usr/src/other/bro/src/analyzer/Analyzer.cc:222
> #18 0x000000000056979d in Connection::NextPacket (this=this@entry=0x11e52f40, t=t@entry=1439788398.623282, is_orig=is_orig@entry=1, ip=ip@entry=0x7fff4034c130, len=len@entry=496, 
>     caplen=caplen@entry=496, data=@0x7fff4034bfa8: 0x7f9c1b006422 <error: Cannot access memory at address 0x7f9c1b006422>, record_packet=<optimized out>, record_content=<optimized out>, 
>     pkt=<optimized out>, pkt@entry=0x251a870) at /usr/src/other/bro/src/Conn.cc:260
> #19 0x00000000006038a0 in NetSessions::DoNextPacket (this=this@entry=0x2a583c0, t=t@entry=1439788398.623282, pkt=pkt@entry=0x251a870, ip_hdr=ip_hdr@entry=0x7fff4034c130, 
>     encapsulation=encapsulation@entry=0x0) at /usr/src/other/bro/src/Sessions.cc:735
> #20 0x0000000000604824 in NetSessions::NextPacket (this=0x2a583c0, t=t@entry=1439788398.623282, pkt=pkt@entry=0x251a870) at /usr/src/other/bro/src/Sessions.cc:207
> #21 0x00000000005d456f in net_packet_dispatch (t=1439788398.623282, pkt=pkt@entry=0x251a870, src_ps=src_ps@entry=0x251a840) at /usr/src/other/bro/src/Net.cc:273
> #22 0x0000000000834539 in iosource::PktSrc::Process (this=0x251a840) at /usr/src/other/bro/src/iosource/PktSrc.cc:265
> #23 0x00000000005d4a0f in net_run () at /usr/src/other/bro/src/Net.cc:321
> #24 0x00000000005346dc in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/other/bro/src/main.cc:1191


