Segmentation Fault in ralabel 3.0.8

Carter Bullard carter at qosient.com
Mon Aug 18 08:02:04 EDT 2014


Hey Sebas,
In your argus-clients ./common directory, if you fgrep for FORK, what do you get back ???  If the line that defines ARGUS_FORK is commented out, then there is the problem.  If not, we may need to look into what bison version is being used by Kali.

% cd ./common
% fgrep FORK *

Carter

> On Aug 18, 2014, at 5:00 AM, el draco <eldraco at gmail.com> wrote:
> 
> Hi Carter and list.
> 
> Do you mean that if you try to run it on Kali 1.0.8 you don't get any
> segfault? Wow.
> 
> Ok, so now I did:
> 
> 1- VM kali 1.0.8
> 2- argus-clients 3.0.8
> 3- cd argus-clients-3.0.8
> 4- make uninstall
> 5- touch .devel ; ./configure; make clean; make; make install (as
> root) (also I added "make" to your list of commands)
> 6- cd ..
> 7- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
> 8- I got the segfault
> 9- I'm attaching the screen output so you can see directly the error from kali.
> 10- I ran it again with gdb: gdb --args ralabel -f test.ralabel.conf
> -r test.small.biargus -w test.small.biargus.labeled
> 
> And it seems there is an issue when trying to free() some chunk during
> compilation of the filter "tcp and synack"
> 
> common/argus_code.c
> 
> static void
> freechunks()
> {
>   int i;
> 
>   for (i = 0; i < NCHUNKS; ++i)
>      if (chunks[i].m)
>         free(chunks[i].m);
> #if defined(ARGUSDEBUG)
>   ArgusDebug (9, "freechunks () returning\n");
> #endif
> }
> 
> 
> I'm attaching gdb output from kali.
> Tell me if you need something more!
> 
> thanks
> sebas
> 
> 
> 
> 
> 
>> On Fri, Aug 15, 2014 at 4:00 PM, Carter Bullard <carter at qosient.com> wrote:
>> No, I’m not getting anything… if you can help us to find the problem.
>> If you could compile the package with the .devel tag file, then
>> we may get a line number or something a little more than just segfault.
>> 
>>   % touch .devel ; ./configure; make clean; make install
>> 
>> And try your data and configuration.
>> If you still get the segfault, the message should have a routine and
>> line number.
>> 
>> Carter
>> 
>> 
>>> On Aug 15, 2014, at 9:16 AM, el draco <eldraco at gmail.com> wrote:
>>> 
>>> Hi Carter and list.
>>> Sorry for the delay, I just came back from defcon and I'm going back
>>> to my algorithms (btw, was anyone on defcon this year?)
>>> 
>>> Well, I use kali as my quick-and-dirty VM because it is already
>>> configured with all the penetration test, libraries and forensic
>>> tools, so I can play safely there. And most important, it uses the
>>> apt-get system to update and install stuff. It is only a rebranded and
>>> updated BackTrack. You can safely assume that BackTrack is dead now.
>>> 
>>> 
>>> So, I just tried it again in a live-cd and just booted Kali, and I keep
>>> getting the segfault. I'm compiling straight out of the tar file, I
>>> have no .debug or .devel tags. I also don't have any rarc.
>>> 
>>> I'm using kali 1.0.8 i386 iso file.
>>> 
>>> 1- Just boot it and connect to internet.
>>> 2- Then I downloaded the argus clients dev 3.0.8 latest
>>> wget http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>>> d4a7d167ba3f8452de3900bbf01fec46  argus-clients-latest.tar.gz
>>> 
>>> 3- I compiled them without errors (./configure;make;make install)
>>> 4- Then I copied the 3 files I sent before and ran:
>>> 
>>> 5- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>> 
>>> And I get the segfault.
>>> 
>>> I hope you can reproduce it with kali also!
>>> 
>>> thanks!
>>> sebas
>>> 
>>>> On Wed, Aug 6, 2014 at 1:43 AM, Carter Bullard <carter at qosient.com> wrote:
>>>> Hey Sebas,
>>>> So no joy in getting your label configuration to die on
>>>> Mac OS X, Ubuntu, FreeBSD, NetBSD …
>>>> 
>>>> Yours is compiled straight out of the tar file, no
>>>> .debug or .devel tags ???  Do you have a rarc that
>>>> could be setting an option that mine isn’t setting ???
>>>> 
>>>> So what's with all the recent attention to Kali ???
>>>> I like to pay attention to synchronistic events, and
>>>> this is the second time Kali has come up in 2 days.
>>>> 
>>>> Did they do something different ???  Still BackTrack
>>>> or something new ???
>>>> 
>>>> Hope all is most excellent,
>>>> 
>>>> Carter
>>>> 
>>>> 
>>>> On Aug 5, 2014, at 6:04 PM, el draco <eldraco at gmail.com> wrote:
>>>> 
>>>> Hi Carter
>>>> mmm... I only have debian systems around me, so I can not tell you if other
>>>> systems are vulnerable.
>>>> I'm heading for defcon now but tell me if I can try something else. If I can
>>>> I will try on Kali later and see what happens.
>>>> 
>>>> thanks
>>>> sebas
>>>> 
>>>> 
>>>> 
>>>>> On Tue, Aug 5, 2014 at 6:37 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>> 
>>>>> Hey Sebas,
>>>>> Not getting any problems on my systems here.
>>>>> Will try to replicate on a Debian system.
>>>>> 
>>>>> Carter
>>>>> 
>>>>> On Aug 4, 2014, at 12:02 PM, el draco <eldraco at gmail.com> wrote:
>>>>> 
>>>>> Hi list. Today I was running ralabel 3.0.8 for the first time and I got
>>>>> this error.
>>>>> 
>>>>> #### First computer ####
>>>>> 
>>>>> ralabel -f ralabel.conf -r test.small.biargus -w
>>>>> test.small.biargus.labeled
>>>>> *** Error in `ralabel': munmap_chunk(): invalid pointer:
>>>>> 0x0000000002c20f80 ***
>>>>> ======= Backtrace: =========
>>>>> /lib/x86_64-linux-gnu/libc.so.6(+0x7aa26)[0x7fc4cb169a26]
>>>>> ralabel[0x432983]
>>>>> ralabel[0x45a75b]
>>>>> ralabel[0x460057]
>>>>> ralabel[0x4037fe]
>>>>> ralabel[0x403e4c]
>>>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fc4cb110995]
>>>>> ralabel[0x4035f9]
>>>>> Aborted
>>>>> 
>>>>> Info about my system:
>>>>> 
>>>>> RaLabeler Version 3.0.8
>>>>> Linux 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
>>>>> libpthread-stubs0:amd64               0.3-3
>>>>> libgcc-4.8-dev:amd64                  4.8.2-16
>>>>> 
>>>>> 
>>>>> #### Second Computer ####
>>>>> On another computer the error is:
>>>>> ralabel -f test.ralabel.conf -r test.small.biargus -w
>>>>> test.small.biargus.labeled
>>>>> *** Error in `ralabel': double free or corruption (!prev): 0x0a697920 ***
>>>>> Aborted
>>>>> 
>>>>> Info of the second computer:
>>>>> Linux 3.14-1-686-pae #1 SMP Debian 3.14.12-1 (2014-07-11) i686 GNU/Linux
>>>>> RaLabeler Version 3.0.8
>>>>> 
>>>>> 
>>>>> #### General ####
>>>>> The biargus file was generated with argus 3.0.8 also.
>>>>> I'm attaching you all the files so you can test it.
>>>>> 
>>>>> 
>>>>> thanks
>>>>> sebas
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> <test.small.biargus><test.ralabel.conf><test.ralabel>
> <argus-1.jpg>
> <argus-2.jpg>
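
Both aborts reported in this thread (`munmap_chunk(): invalid pointer` and `double free or corruption`) come from glibc's consistency checks inside free(). As an added illustration, not Argus code and not a diagnosis of this crash, the C sketch below shows how a cleanup loop shaped like the quoted freechunks() releases the same pointers again if it is reached a second time, and how clearing each slot prevents that. The table size, the tracked_free() wrapper, the two freechunks_* variants, repeated_frees() and the "cleanup runs twice" trigger are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#define NCHUNKS 16                        /* constructed size, not the Argus value */
static struct { void *m; } chunks[NCHUNKS];
static void *freed[NCHUNKS];              /* shadow list of released pointers */
static int n_freed, repeat_frees;

/* free() stand-in: counts a repeated release rather than double-freeing. */
static void tracked_free(void *p)
{
    for (int i = 0; i < n_freed; i++)
        if (freed[i] == p) { repeat_frees++; return; }
    freed[n_freed++] = p;
    free(p);
}

/* Same loop shape as the quoted freechunks(): slots keep stale pointers. */
static void freechunks_stale(void)
{
    for (int i = 0; i < NCHUNKS; ++i)
        if (chunks[i].m)
            tracked_free(chunks[i].m);
}

/* Variant that clears each slot, so a later pass skips it. */
static void freechunks_reset(void)
{
    for (int i = 0; i < NCHUNKS; ++i)
        if (chunks[i].m) {
            tracked_free(chunks[i].m);
            chunks[i].m = NULL;
        }
}

/* Fill `used` slots, run cleanup twice (assumed trigger), report repeats. */
static int repeated_frees(void (*cleanup)(void), int used)
{
    n_freed = repeat_frees = 0;
    for (int i = 0; i < NCHUNKS; ++i)     /* every slot is rewritten on each run */
        chunks[i].m = (i < used) ? malloc(64) : NULL;
    cleanup(); cleanup();
    return repeat_frees;
}

int main(void)
{
    printf("stale=%d\n", repeated_frees(freechunks_stale, 3));
    printf("reset=%d\n", repeated_frees(freechunks_reset, 3));
    return 0;
}
```

Building the real binary with `-fsanitize=address` or running it under valgrind reports the allocation and both free sites for this class of bug, which narrows it down faster than the bare glibc abort.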