Segmentation Fault in ralabel 3.0.8

el draco eldraco at gmail.com
Mon Aug 18 05:00:39 EDT 2014


Hi carter and list.

Do you mean that if you try to run it on Kali 1.0.8 you don't get any
segfault? Wow.

Ok, so now I did:

1- VM kali 1.0.8
2- argus-clients 3.0.8
3- cd argus-clients-3.0.8
4- make uninstall
5- touch .devel ; ./configure; make clean; make; make install (as root) (I also added "make" to your list of commands)
6- cd ..
7- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
8- I got the segfault
9- I'm attaching the screen output so you can see directly the error from kali.
10- I ran it again with gdb: gdb --args ralabel -f test.ralabel.conf -r test.small.biargus -w test.small.biargus.labeled

And it seems there is an issue when trying to free() some chunk during
compilation of the filter "tcp and synack"

common/argus_code.c

static void
freechunks()
{
   int i;

   for (i = 0; i < NCHUNKS; ++i)
      if (chunks[i].m)
         free(chunks[i].m);
#if defined(ARGUSDEBUG)
   ArgusDebug (9, "freechunks () returning\n");
#endif
}


I'm attaching gdb output from kali.
Tell me if you need something more!

thanks
sebas





On Fri, Aug 15, 2014 at 4:00 PM, Carter Bullard <carter at qosient.com> wrote:
> No, I’m not getting anything… if you can help us to find the problem.
> If you could compile the package with the .devel tag file, then
> we may get a line number or something a little more than just segfault.
>
>    % touch .devel ; ./configure; make clean; make install
>
> And try your data and configuration.
> If you still get the segfault, the message should have a routine and
> line number.
>
> Carter
>
>
> On Aug 15, 2014, at 9:16 AM, el draco <eldraco at gmail.com> wrote:
>
>> Hi carter and list.
>> Sorry for the delay, I just came back from defcon and I'm going back
>> to my algorithms (btw, was anyone on defcon this year?)
>>
>> Well, I use kali as my quick-and-dirty VM because it is already
>> configured with all the penetration test, libraries and forensic
>> tools, so I can play safely there. And most important, it uses the
>> apt-get system to update and install stuff. It is only a rebranded and
>> updated BackTrack. You can safely assume that BackTrack is dead now.
>>
>>
>> So, I just tried it again in a live-cd and just booted Kali, and I keep
>> getting the segfault. I'm compiling straight out of the tar file, I
>> have no .debug or .devel tags. I also don't have any rarc.
>>
>> I'm using kali 1.0.8 i386 iso file.
>>
>> 1- Just boot it and connect to internet.
>> 2- Then I downloaded the argus clients dev 3.0.8 latest
>> wget http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>> d4a7d167ba3f8452de3900bbf01fec46  argus-clients-latest.tar.gz
>>
>> 3- I compiled them without errors (./configure;make;make install)
>> 4- Then I copied the 3 files I sent before and ran:
>>
>> 5- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>
>> And I get the segfault.
>>
>> I hope you can reproduce it with kali also!
>>
>> thanks!
>> sebas
>>
>> On Wed, Aug 6, 2014 at 1:43 AM, Carter Bullard <carter at qosient.com> wrote:
>>> Hey Sebas,
>>> So no joy in getting your label configuration to die on
>>> Mac OS X, Ubuntu, FreeBsd, NetBsd …
>>>
>>> Yours is compiled straight out of the tar file, no
>>> .debug or .devel tags ???  Do you have a rarc that
>>> could be setting an option that mine isn’t setting ???
>>>
>>> So what's with all the recent attention to Kali ???
>>> I like to pay attention to synchronistic events, and
>>> this is the second time Kali has come up in 2 days.
>>>
>>> Did they do something different ???  Still BackTrack
>>> or something new ???
>>>
>>> Hope all is most excellent,
>>>
>>> Carter
>>>
>>>
>>> On Aug 5, 2014, at 6:04 PM, el draco <eldraco at gmail.com> wrote:
>>>
>>> Hi Carter
>>> mmm... I only have debian systems around me, so I can not tell you if other
>>> systems are vulnerable.
>>> I'm heading for defcon now but tell me if I can try something else. If I can
>>> I will try on Kali later and see what happens.
>>>
>>> thanks
>>> sebas
>>>
>>>
>>>
>>> On Tue, Aug 5, 2014 at 6:37 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>
>>>> Hey Sebas,
>>>> Not getting any problems on my systems here.
>>>> Will try to replicate on a Debian system.
>>>>
>>>> Carter
>>>>
>>>> On Aug 4, 2014, at 12:02 PM, el draco <eldraco at gmail.com> wrote:
>>>>
>>>> Hi list. Today I was running ralabel 3.0.8 for the first time and I got
>>>> this error.
>>>>
>>>> #### First computer ####
>>>>
>>>> ralabel -f ralabel.conf -r test.small.biargus -w
>>>> test.small.biargus.labeled
>>>> *** Error in `ralabel': munmap_chunk(): invalid pointer:
>>>> 0x0000000002c20f80 ***
>>>> ======= Backtrace: =========
>>>> /lib/x86_64-linux-gnu/libc.so.6(+0x7aa26)[0x7fc4cb169a26]
>>>> ralabel[0x432983]
>>>> ralabel[0x45a75b]
>>>> ralabel[0x460057]
>>>> ralabel[0x4037fe]
>>>> ralabel[0x403e4c]
>>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fc4cb110995]
>>>> ralabel[0x4035f9]
>>>> Aborted
>>>>
>>>> Info about my system:
>>>>
>>>> RaLabeler Version 3.0.8
>>>> Linux 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
>>>> libpthread-stubs0:amd64               0.3-3
>>>> libgcc-4.8-dev:amd64                  4.8.2-16
>>>>
>>>>
>>>> #### Second Computer ####
>>>> In another computer the error is:
>>>> ralabel -f test.ralabel.conf -r test.small.biargus -w
>>>> test.small.biargus.labeled
>>>> *** Error in `ralabel': double free or corruption (!prev): 0x0a697920 ***
>>>> Aborted
>>>>
>>>> Info of the second computer:
>>>> Linux 3.14-1-686-pae #1 SMP Debian 3.14.12-1 (2014-07-11) i686 GNU/Linux
>>>> RaLabeler Version 3.0.8
>>>>
>>>>
>>>> #### General ####
>>>> The biargus file was generated with argus 3.0.8 also.
>>>> I'm attaching you all the files so you can test it.
>>>>
>>>>
>>>> thanks
>>>> sebas
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> <test.small.biargus><test.ralabel.conf><test.ralabel>
>>>>
>>>>
>>>
>>>
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus-1.jpg
Type: image/jpeg
Size: 300871 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140818/917832e4/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus-2.jpg
Type: image/jpeg
Size: 127058 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20140818/917832e4/attachment-0001.jpg>
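
Added example, not part of the original message and not argus code: the freechunks() loop quoted above leaves chunks[i].m set after free(), so a second pass over the same table hands glibc an already-freed pointer, which is one way to get a "double free or corruption" abort. The sketch counts such frees instead of executing them and compares the posted loop with a variant that clears each slot; it does not claim this is the cause of the ralabel crash. Assumptions: the NCHUNKS value, the one-field struct chunk, and the tracked_alloc/tracked_free helpers are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

#define NCHUNKS 16            /* assumed value; the page does not show it */
#define NLIVE   64            /* size of the shadow table below */

struct chunk { void *m; };    /* only the .m field appears on the page */
static struct chunk chunks[NCHUNKS];
static void *live[NLIVE];     /* shadow table of pointers currently allocated */
static int bad_frees;         /* frees of pointers that are not live */

static void *tracked_alloc(size_t n) {
   void *p = malloc(n);
   for (int i = 0; p && i < NLIVE; ++i)
      if (!live[i]) { live[i] = p; return p; }
   free(p);                   /* malloc failed or table full */
   return NULL;
}

static void tracked_free(void *p) {
   for (int i = 0; i < NLIVE; ++i)
      if (live[i] == p) { live[i] = NULL; free(p); return; }
   ++bad_frees;               /* a real free() here is what glibc aborts on */
}

/* Same loop as the quoted freechunks(): slots keep their stale pointers. */
static void freechunks_as_posted(void) {
   for (int i = 0; i < NCHUNKS; ++i)
      if (chunks[i].m) tracked_free(chunks[i].m);
}

/* Hardened variant: clear each slot so a repeated call is a no-op. */
static void freechunks_hardened(void) {
   for (int i = 0; i < NCHUNKS; ++i)
      if (chunks[i].m) { tracked_free(chunks[i].m); chunks[i].m = NULL; }
}

/* Fill `used` slots, run the cleanup twice, return the bad-free count. */
int bad_frees_after_two_cleanups(void (*cleanup)(void), int used) {
   bad_frees = 0;
   for (int i = 0; i < NCHUNKS; ++i)
      chunks[i].m = (i < used) ? tracked_alloc(64) : NULL;
   cleanup();
   cleanup();
   return bad_frees;
}

int main(void) {
   printf("as posted: %d bad frees\n", bad_frees_after_two_cleanups(freechunks_as_posted, 3));
   printf("hardened:  %d bad frees\n", bad_frees_after_two_cleanups(freechunks_hardened, 3));
   return 0;
}
```

Building the real binary with -fsanitize=address or running it under valgrind reports the allocation and both free sites directly, which narrows a crash like this faster than the glibc abort message.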