[Bro-Dev] [JIRA] (BIT-1537) bro segfaults after compile in MacOS X 10.11 El Capitan

Carlos Terrón (JIRA) jira at bro-tracker.atlassian.net
Fri Feb 19 05:40:00 PST 2016 

    [ https://bro-tracker.atlassian.net/browse/BIT-1537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24204#comment-24204 ] 

Carlos Terrón commented on BIT-1537:
------------------------------------

The full stack trace with lldb 

{code}
* thread #1: tid = 0x58b6c8, 0x00000001003045d2 bro`file_analysis::X509::ParseCertificate(cert_val=<unavailable>, fid=<unavailable>) + 1282 at X509.cc:175, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x28)
  * frame #0: 0x00000001003045d2 bro`file_analysis::X509::ParseCertificate(cert_val=<unavailable>, fid=<unavailable>) + 1282 at X509.cc:175
    frame #1: 0x0000000100303e5d bro`file_analysis::X509::EndOfFile(this=0x00000001064d44b0) + 221 at X509.cc:56
    frame #2: 0x000000010033f57a bro`file_analysis::File::EndOfFile(this=0x00000001064c14c0) + 170 at File.cc:522
    frame #3: 0x000000010033bc6e bro`file_analysis::Manager::RemoveFile(this=0x0000000100d01f60, file_id=<unavailable>) + 78 at Manager.cc:395
    frame #4: 0x00000001002d910a bro`binpac::TLSHandshake::Handshake_Conn::proc_certificate(this=0x00000001064a65a0, is_orig=false, certificates=0x00000001064bdf60 size=3) + 554 at tls-handshake_pac.cc:180
    frame #5: 0x00000001002d99d4 bro`binpac::TLSHandshake::Handshake_Conn::proc_v3_certificate(this=0x00000001064a65a0, is_orig=false, cl=<unavailable>) + 164 at tls-handshake_pac.cc:323
    frame #6: 0x00000001002dc430 bro`binpac::TLSHandshake::Certificate::Parse(this=0x000000010645d840, t_begin_of_data=<unavailable>, t_end_of_data="", t_context=0x00000001064bb5a0) + 336 at tls-handshake_pac.cc:1977
    frame #7: 0x00000001002da599 bro`binpac::TLSHandshake::Handshake::Parse(this=0x00000001064c0c10, t_begin_of_data="", t_end_of_data="", t_context=0x00000001064bb5a0, t_byteorder=<unavailable>) + 793 at tls-handshake_pac.cc:796
    frame #8: 0x00000001002da16a bro`binpac::TLSHandshake::HandshakeRecord::ParseBuffer(this=0x00000001064bea10, t_flow_buffer=<unavailable>, t_context=0x00000001064bb5a0, t_byteorder=0) + 442 at tls-handshake_pac.cc:586
    frame #9: 0x00000001002dd2cf bro`binpac::TLSHandshake::HandshakePDU::ParseBuffer(this=0x00000001064be9c0, t_flow_buffer=0x00000001064be200, t_context=0x00000001064bb5a0) + 191 at tls-handshake_pac.cc:964
    frame #10: 0x00000001002e0c51 bro`binpac::TLSHandshake::Handshake_Flow::NewData(this=<unavailable>, t_begin_of_data=<unavailable>, t_end_of_data=<unavailable>) + 193 at tls-handshake_pac.cc:3776
    frame #11: 0x00000001002d62d9 bro`analyzer::ssl::SSL_Analyzer::SendHandshake(this=<unavailable>, begin=<unavailable>, end=<unavailable>, orig=<unavailable>) + 41 at SSL.cc:71
    frame #12: 0x00000001002e3c6f bro`binpac::SSL::Handshake::Parse(unsigned char const*, unsigned char const*, binpac::SSL::ContextSSL*) [inlined] binpac::SSL::SSL_Conn::proc_handshake(this=<unavailable>) + 127 at ssl_pac.cc:384
    frame #13: 0x00000001002e3c5f bro`binpac::SSL::Handshake::Parse(this=0x00000001064a8660, t_begin_of_data="\v", t_end_of_data=<unavailable>, t_context=0x00000001064bfc50) + 111 at ssl_pac.cc:1099
    frame #14: 0x00000001002e51be bro`binpac::SSL::SSLRecord::ParseBuffer(this=0x00000001064bfb00, t_flow_buffer=<unavailable>, t_context=0x00000001064bfc50) + 462 at ssl_pac.cc:982
    frame #15: 0x00000001002e5afb bro`binpac::SSL::SSLPDU::ParseBuffer(this=0x00000001064bfad0, t_flow_buffer=0x00000001064be380, t_context=0x00000001064bfc50) + 203 at ssl_pac.cc:1698
    frame #16: 0x00000001002e5d61 bro`binpac::SSL::SSL_Flow::NewData(this=<unavailable>, t_begin_of_data=<unavailable>, t_end_of_data=<unavailable>) + 193 at ssl_pac.cc:1769
    frame #17: 0x00000001002d623a bro`analyzer::ssl::SSL_Analyzer::DeliverStream(this=<unavailable>, len=<unavailable>, data=<unavailable>, orig=<unavailable>) + 106 at SSL.cc:59
    frame #18: 0x0000000100353352 bro`analyzer::Analyzer::NextStream(this=<unavailable>, len=<unavailable>, data=<unavailable>, is_orig=<unavailable>) + 98 at Analyzer.cc:245
    frame #19: 0x000000010035376a bro`analyzer::Analyzer::ForwardStream(this=0x0\x01\x05", is_orig=<unavailable>) + 218 at Analyzer.cc:331\"0\r\x06\t*\x86H\x86?
    frame #20: 0x00000001002f2141 bro`analyzer::tcp::TCP_Reassembler::DeliverBlock(this=0x00000001064bf380, seq=<unavailable>, len=<unavailable>, data=<unavailable>) + 305 at TCP_Reassembler.cc:647
    frame #21: 0x00000001002f1f93 bro`analyzer::tcp::TCP_Reassembler::BlockInserted(this=0x00000001064bf380, start_block=<unavailable>) + 115 at TCP_Reassembler.cc:393
    frame #22: 0x00000001002f2472 bro`analyzer::tcp::TCP_Reassembler::DataSent(this=0x00000001064bf380, t=<unavailable>, seq=<unavailable>, len=<unavailable>, data=<unavailable>, replaying=<unavailable>) + 114 at TCP_Reassembler.cc:492
    frame #23: 0x00000001002f1010 bro`analyzer::tcp::TCP_Endpoint::DataSent(this=0x00000001064bf6f0, t=<unavailable>, seq=2837, len=1047, caplen=1047, data="oTr\x01\x05", ip=<unavailable>, tp=0x000000010083bc48) + 96 at TCP_Endpoint.cc:205
    frame #24: 0x00000001002eec69 bro`analyzer::tcp::TCP_Analyzer::DeliverPacket(int, unsigned char const*, bool, unsigned long long, IP_Hdr const*, int) [inlined] analyzer::tcp::TCP_Analyzer::DeliverData(t=<unavailable>, data="oTrust Globa\x01\x05", len=<unavailable>, caplen=<unavailable>, ip=0x00007fff5fbff220, endpoint=<unavailable>, rel_data_seq=2837) + 45 at TCP.cc:982
    frame #25: 0x00000001002eec3c bro`analyzer::tcp::TCP_Analyzer::DeliverPacket(this=0x00000001064bdfc0, len=1047, data="oTrust Global CA0\x82\x01\"0\r\x06\t*\\x01\x05", is_orig=false, seq=<unavailable>, ip=0x00007fff5fbff220, caplen=1047) + 6748 at TCP.cc:1381
    frame #26: 0x0000000100353206 bro`analyzer::Analyzer::NextPacket(this=<unavailable>, len=<unavailable>, data=<unavailable>, is_orig=<unavailable>, seq=<unavailable>, ip=<unavailable>, caplen=<unavailable>) + 102 at Analyzer.cc:222
    frame #27: 0x0000000100037c50 bro`Connection::NextPacket(this=0x00000001064bed50, t=<unavailable>, is_orig=<unavailable>, ip=<unavailable>, len=<unavailable>, caplen=<unavailable>, data=<unavailable>, record_packet=0x00007fff5fbfefec, record_content=<unavailable>, hdr=0x00000001060390a8, pkt="h[5??3", hdr_size=14) + 192 at Conn.cc:260
    frame #28: 0x00000001000cec68 bro`NetSessions::DoNextPacket(this=0x0000000106441c10, t=1455889030.109709, hdr=0x00000001060390a8, ip_hdr=<unavailable>, pkt="h[5??3", hdr_size=14, encapsulation=0x0000000000000000) + 3960 at Sessions.cc:758
    frame #29: 0x00000001000cd9ae bro`NetSessions::NextPacket(this=0x0000000106441c10, t=1455889030.109709, hdr=0x00000001060390a8, pkt="h[5??3", hdr_size=<unavailable>) + 430 at Sessions.cc:231
    frame #30: 0x000000010009d86f bro`net_packet_dispatch(t=1455889030.109709, hdr=0x00000001060390a8, pkt="h[5??3", hdr_size=14, src_ps=0x0000000106038f30) + 431 at Net.cc:281
    frame #31: 0x000000010032fafe bro`iosource::PktSrc::Process(this=0x0000000106038f30) + 926 at PktSrc.cc:456
    frame #32: 0x000000010009d9b3 bro`net_run() + 163 at Net.cc:329
    frame #33: 0x0000000100022695 bro`main(argc=<unavailable>, argv=0x41d5b1c6a0349e23) + 6437 at main.cc:1190
    frame #34: 0x00007fff900dd5ad libdyld.dylib`start + 1
{code}

> bro segfaults after compile in MacOS X 10.11 El Capitan
> -------------------------------------------------------
>
>                 Key: BIT-1537
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1537
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Carlos Terrón
>            Priority: High
>
> After compile with 
> {code}
> ./configure --prefix=/usr/local
> make
> make install
> {code}
> And try to execute bro with:
> {code}
> bro -i en4 local
> {code}
> bro segfaults with
> {code}
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000001003045d2 in file_analysis::X509::ParseCertificate (
>     cert_val=<optimized out>, fid=<optimized out>)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/analyzer/x509/X509.cc:175
> 175				char *exponent = BN_bn2dec(pkey->pkey.rsa->e);
> (gdb) bt
> #0  0x00000001003045d2 in file_analysis::X509::ParseCertificate (
>     cert_val=<optimized out>, fid=<optimized out>)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/analyzer/x509/X509.cc:175
> #1  0x0000000100303e5d in file_analysis::X509::EndOfFile (this=0x105f8b710)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/analyzer/x509/X509.cc:56
> #2  0x000000010033f57a in file_analysis::File::EndOfFile (this=0x100961090)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/File.cc:522
> #3  0x000000010033bc6e in file_analysis::Manager::RemoveFile (
>     this=0x105f8b710, file_id=...)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/Manager.cc:395
> #4  0x00000001002d910a in binpac::TLSHandshake::Handshake_Conn::proc_certificate (this=0x105f8a220, is_orig=false, certificates=0x100961f90)
>     at /Users/terron/tmp/bro-2.4.1/build/src/analyzer/protocol/ssl/tls-handshake_pac.cc:180
> #5  0x00000001002d99d4 in binpac::TLSHandshake::Handshake_Conn::proc_v3_certificate (this=0x105f8b710, is_orig=16, cl=<optimized out>)
>     at /Users/terron/tmp/bro-2.4.1/build/src/analyzer/protocol/ssl/tls-handshake_pac.cc:323
> #6  0x00000001002dc430 in binpac::TLSHandshake::Certificate::Parse (
>     this=0x105f8a220, t_begin_of_data=<optimized out>, 
>     t_end_of_data=0x101022f2e "", t_context=0x10095e480)
>     at /Users/terron/tmp/bro-2.4.1/build/src/analyzer/protocol/ssl/tls-handshake_pac.cc:1977
> {code}



--
This message was sent by Atlassian JIRA
(v7.2.0-OD-01-031#72000)

More information about the bro-dev mailing list