Argus 3.0.5.10: double free or corruption detected by glibc

Carter Bullard carter at qosient.com
Thu Feb 16 12:12:18 EST 2012


Hey Markku,
I'm testing this now but it seems that there may be an error in your /etc/argus.conf file.

You have this debug line:
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870464 ArgusParseResourceFile: ArgusBindAddr "(null)"


Can you look to see if your ARGUS_BIND_IP line may be poorly formed?
If that doesn't do it, can you share your /etc/argus.conf file?

Carter


On Feb 16, 2012, at 10:54 AM, Markku Parviainen wrote:

> Hi,
> 
> There seems to be a bug in argus causing it to crash while converting
> tcpdump generated pcap file to argus data file. Test file included.
> 
> # /opt/argus-3.0.5.10-debug/sbin/argus -D8 -r test.pcap -w test.arg
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.868861 ArgusCalloc (1, 1772)
> returning 0x989f008
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869259 ArgusNewModeler()
> returning 0x989f008
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869347 ArgusCalloc (1,
> 4229692) returning 0xb72bc008
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869410
> ArgusNewSource(0x989f008) returning 0xb72bc008
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869463 ArgusCalloc (1, 196)
> returning 0x989f748
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869516 ArgusCalloc (1, 88)
> returning 0x989f810
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869568 ArgusNewQueue ()
> returning 0x989f810
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869616 ArgusCalloc (1, 112)
> returning 0x989fb30
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869658 ArgusNewList ()
> returning 0x989fb30
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869697 ArgusCalloc (1, 112)
> returning 0x989fba8
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869737 ArgusNewList ()
> returning 0x989fba8
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869775 ArgusNewOutput()
> returning retn 0x989f748
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869845
> setArgusMarReportInterval(60) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870146 setArgusID(0xb72bc008,
> 0xbfbc68c0, 0x20) done
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870225 setArgusPortNum(561) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870289 ArgusCalloc (1, 112)
> returning 0x989fd88
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870332 ArgusNewList ()
> returning 0x989fd88
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870373 ArgusCalloc (1, 8)
> returning 0x989fe00
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870421 ArgusPushBackList
> (0x989fd88, 0x989fe00, 1) returning 1
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870464
> ArgusParseResourceFile: ArgusBindAddr "(null)"
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870560
> clearArgusDevice(0xb72bc008) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870604 ArgusCalloc (1, 112)
> returning 0x989fe20
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870646 ArgusNewList ()
> returning 0x989fe20
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.896887 ArgusCalloc (1, 44)
> returning 0x98a8968
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.896997 ArgusPushFrontList
> (0x989fe20, 0x98a8968, 1) returning 0x989fe98
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.897090 setArgusDevice(eth0.1) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899779 ArgusDeleteList
> ((nil), 2) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899865 ArgusCalloc (1, 112)
> returning 0x98a1c50
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899912 ArgusNewList ()
> returning 0x98a1c50
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899952 ArgusCalloc (1, 12)
> returning 0x98a1cc8
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899994 ArgusPushFrontList
> (0x98a1c50, 0x98a1cc8, 1) returning 0xbfbc690a
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900130
> setArgusMarReportInterval(900) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900507 ArgusCalloc (1, 112)
> returning 0x989fc20
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900558 ArgusNewList ()
> returning 0x989fc20
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900624 ArgusCalloc (1, 12)
> returning 0x989fc98
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900672 ArgusPushBackList
> (0x989fc20, 0x989fc98, 1) returning 1
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900717 ArgusCalloc (1, 4)
> returning 0x989fcb8
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900767 ArgusPushFrontList
> (0x989fc20, 0x989fc98, 1) returning 0xb78d23c0
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900912 ArgusFree (0x989fcb8)
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901415 ArgusSortFileList(0x989fc20)
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901494 ArgusDeleteList
> (0x98a1c50, 2) 1 items on list
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901578 ArgusFree (0x98a1cc8)
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901654 ArgusFree (0x98a1c50)
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901709 ArgusDeleteList
> (0x98a1c50, 2) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901768 ArgusCalloc (1, 112)
> returning 0x98a1c50
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901825 ArgusNewList ()
> returning 0x98a1c50
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901881 ArgusCalloc (1, 12)
> returning 0x98a1cc8
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901944 ArgusPushFrontList
> (0x98a1c50, 0x98a1cc8, 1) returning 0xbfbc88d7
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.902011 setArgusPortNum(0) returning
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.902069 ArgusDeleteList
> (0x989fd88, 6) 1 items on list
> *** glibc detected *** argus: double free or corruption (fasttop):
> 0x0989fe00 ***
> ======= Backtrace: =========
> /lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb7731591]
> /lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xb7732de8]
> /lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb7735ecd]
> argus[0x807343d]
> argus[0x8062b29]
> argus[0x804bbc2]
> argus[0x804ed23]
> /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76dcbd6]
> argus[0x804b1c1]
> ======= Memory map: ========
> Aborted
> 
> # gcc -v
> Using built-in specs.
> Target: i486-linux-gnu
> Configured with: ../src/configure -v --with-pkgversion='Ubuntu
> 4.3.2-1ubuntu12'
> --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs
> --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
> --enable-shared --with-system-zlib --libexecdir=/usr/lib
> --without-included-gettext --enable-threads=posix --enable-nls
> --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3
> --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc
> --enable-mpfr --enable-targets=all --enable-checking=release
> --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
> Thread model: posix
> gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12)
> 
> # uname -r
> 2.6.36.2
> 
> LIBC:
> lrwxrwxrwx 1 root root 14 2010-12-30 21:04 /lib/libc.so.6 -> libc-2.11.1.so
> -rwxr-xr-x 1 root root 1335560 2010-05-21 13:39 /lib/libc-2.11.1.so
> -rw-r--r-- 1 root root 3031076 2010-05-21 13:39 /usr/lib/libc.a
> -rw-r--r-- 1 root root 238 2010-05-21 13:19 /usr/lib/libc.so
> 
> 
> This same code and sample works fine on my other Linux host (64bit,
> gcc 4.2.4). I'm guessing the glibc there may not have an internal
> stack protection code enabled, or that the 64bit code generated is
> somehow different.
> <test.pcap>
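
An added example for triaging the trace quoted above (not part of the original thread, and not Argus project code): it rejoins the mail-wrapped `-D8` debug records and looks up the address glibc aborted on in the ArgusCalloc / ArgusFree / ArgusPush*List trace. The `(list, element)` argument order for the push calls is an assumption read off the log, not taken from the Argus source.

```python
import re

# Excerpt of the debug trace quoted in this thread; mail quoting and line
# wrapping are kept as they appear in the archive.
SAMPLE = """\
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870373 ArgusCalloc (1, 8)
> returning 0x989fe00
> argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870421 ArgusPushBackList
> (0x989fd88, 0x989fe00, 1) returning 1
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900912 ArgusFree (0x989fcb8)
> argus[4515.d0586cb7]: 16 Feb 12 17:24:09.902069 ArgusDeleteList
> (0x989fd88, 6) 1 items on list
> *** glibc detected *** argus: double free or corruption (fasttop):
> 0x0989fe00 ***
"""

PREFIX = re.compile(r"^argus\[\d+\.[0-9a-f]+\]: \d+ \w+ \d+ [\d:.]+\s*")

def unwrap(text):
    """Strip '> ' quoting and rejoin records that the mail client wrapped."""
    records = []
    for line in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", line).strip()
        if not line:
            continue
        if not records or PREFIX.match(line) or line.startswith(("***", "===")):
            records.append(PREFIX.sub("", line))
        else:
            records[-1] = (records[-1] + " " + line).strip()
    return records

def triage(text):
    """Relate the address glibc aborted on to the ArgusCalloc/ArgusFree trace."""
    size, on_list, freed, prev = {}, {}, set(), None
    for msg in unwrap(text):
        if m := re.match(r"ArgusCalloc \((\d+), (\d+)\) returning (0x[0-9a-f]+)", msg):
            addr = int(m[3], 16)
            size[addr] = int(m[1]) * int(m[2])
            freed.discard(addr)  # address handed out again by a later allocation
        elif m := re.match(r"ArgusPush\w+List \((0x[0-9a-f]+), (0x[0-9a-f]+)", msg):
            on_list[int(m[2], 16)] = int(m[1], 16)  # assumed order: (list, element)
        elif m := re.match(r"ArgusFree \((0x[0-9a-f]+)\)", msg):
            freed.add(int(m[1], 16))
        elif m := re.match(r"\*\*\* glibc detected \*\*\* \S+ (.+): (0x[0-9a-f]+)", msg):
            addr = int(m[2], 16)
            return {"reason": m[1], "addr": addr, "size": size.get(addr), "list": on_list.get(addr),
                    "logged_free": addr in freed, "last_call": prev}
        prev = msg
    return None
```

For this excerpt, `triage(SAMPLE)` reports that the aborting address is the 8-byte element pushed onto list 0x989fd88, that no ArgusFree was logged for it, and that the last traced call before the abort was ArgusDeleteList on that same list.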
