Segmentation Fault in ralabel 3.0.8

el draco eldraco at gmail.com
Mon Aug 18 10:46:55 EDT 2014


Yes, the line is commented.

argus-clients-3.0.8/common$ fgrep FORK *
argus_code.c://#define ARGUSFORKFILTER   1
argus_code.c:#if defined(ARGUSFORKFILTER)
argus_code.c:#if defined(ARGUSFORKFILTER)
argus_code.c:#if defined(ARGUSFORKFILTER)
argus_code.c:#if defined(ARGUSFORKFILTER)
argus_code.c:#endif /* ARGUSFORKFILTER */

This is in the last argus-clients-latest.tar.gz available for download
from the dev. (wget
"http://qosient.com/argus/dev/argus-clients-latest.tar.gz")

Just in case:

On the first computer:
ii  bison              2:3.0.2.dfsg-2  i386  YACC-compatible parser generator
ii  libbison-dev:i386  2:3.0.2.dfsg-2  i386  YACC-compatible parser generator - development library

On Kali:
ii  bison              1:2.5.dfsg-2.1  i386  YACC-compatible parser generator
ii  libbison-dev:i386  1:2.5.dfsg-2.1  i386  YACC-compatible parser generator - development library


Should I try with the line uncommented?

thanks
sebas


On Mon, Aug 18, 2014 at 2:02 PM, Carter Bullard <carter at qosient.com> wrote:
> Hey Sebas,
> In your argus-clients ./common directory, if you fgrep for FORK, what do you get back ???  If the line that defines ARGUS_FORK is commented out, then there is the problem.  If not, we may need to look into what bison version is being used by Kali.
>
> % cd ./common
> % fgrep FORK *
>
> Carter
>
>> On Aug 18, 2014, at 5:00 AM, el draco <eldraco at gmail.com> wrote:
>>
>> Hi carter and list.
>>
>> Do you mean that if you try to run it on Kali 1.0.8 you don't get any
>> segfault? Wow.
>>
>> Ok, so now I did:
>>
>> 1- VM kali 1.0.8
>> 2- argus-clients 3.0.8
>> 3- cd argus-clients-3.0.8
>> 4- make uninstall
>> 5- touch .devel ; ./configure; make clean; make; make install (as
>> root) (also I add "make" to your list of commands)
>> 6- cd ..
>> 7- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>> 8- I got the segfault
>> 9- I'm attaching the screen output so you can see directly the error from kali.
>> 10- I run it again with gdb: gdb --args ralabel -f test.ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>
>> And it seems there is an issue when trying to free() some chunk during
>> compilation of the filter "tcp and synack"
>>
>> common/argus_code.c
>>
>> static void
>> freechunks()
>> {
>>   int i;
>>
>>   for (i = 0; i < NCHUNKS; ++i)
>>      if (chunks[i].m)
>>         free(chunks[i].m);
>> #if defined(ARGUSDEBUG)
>>   ArgusDebug (9, "freechunks () returning\n");
>> #endif
>> }
>>
>>
>> I'm attaching gdb output from kali.
>> Tell me if you need something more!
>>
>> thanks
>> sebas
>>
>>
>>
>>
>>
>>> On Fri, Aug 15, 2014 at 4:00 PM, Carter Bullard <carter at qosient.com> wrote:
>>> No, I’m not getting anything… if you can help us to find the problem.
>>> If you could compile the package with the .devel tag file, then
>>> we may get a line number or something a little more than just segfault.
>>>
>>>   % touch .devel ; ./configure; make clean; make install
>>>
>>> And try your data and configuration.
>>> If you still get the segfault, the message should have a routine and
>>> line number.
>>>
>>> Carter
>>>
>>>
>>>> On Aug 15, 2014, at 9:16 AM, el draco <eldraco at gmail.com> wrote:
>>>>
>>>> Hi carter and list.
>>>> Sorry for the delay, I just came back from defcon and I'm going back
>>>> to my algorithms (btw, was anyone on defcon this year?)
>>>>
>>>> Well, I use kali as my quick-and-dirty VM because it is already
>>>> configured with all the penetration test, libraries and forensic
>>>> tools, so I can play safely there. And most important, it uses the
>>>> apt-get system to update and install stuff. It is only a rebranded and
>>>> updated BackTrack. You can safely assume that BackTrack is dead now.
>>>>
>>>>
>>>> So, I just try it again in a live-cd and just booted Kali, and I keep
>>>> getting the segfault. I'm compiling straight out of the tar file, I
>>>> have no .debug or .devel tags. I also don't have any rarc.
>>>>
>>>> I'm using kali 1.0.8 i386 iso file.
>>>>
>>>> 1- Just boot it and connect to internet.
>>>> 2- Then I downloaded the argus clients dev 3.0.8 latest
>>>> wget http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>>>> d4a7d167ba3f8452de3900bbf01fec46  argus-clients-latest.tar.gz
>>>>
>>>> 3- I compiled them without errors (./configure;make;make install)
>>>> 4- Then I copied the 3 files I sent before and ran:
>>>>
>>>> 5- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>>>
>>>> And I get the segfault.
>>>>
>>>> I hope you can reproduce it with kali also!
>>>>
>>>> thanks!
>>>> sebas
>>>>
>>>>> On Wed, Aug 6, 2014 at 1:43 AM, Carter Bullard <carter at qosient.com> wrote:
>>>>> Hey Sebas,
>>>>> So no joy in getting your label configuration to die on
>>>>> Mac OS X, Ubuntu, FreeBsd, NetBsd …
>>>>>
>>>>> Yours is compiled straight out of the tar file, no
>>>>> .debug or .devel tags ???  Do you have a rarc that
>>>>> could be setting an option that mine isn’t setting ???
>>>>>
>>>>> So what's with all the recent attention to Kali ???
>>>>> I like to pay attention to synchronistic events, and
>>>>> this is the second time Kali has come up in 2 days.
>>>>>
>>>>> Did they do something different ???  Still BackTrack
>>>>> or something new ???
>>>>>
>>>>> Hope all is most excellent,
>>>>>
>>>>> Carter
>>>>>
>>>>>
>>>>> On Aug 5, 2014, at 6:04 PM, el draco <eldraco at gmail.com> wrote:
>>>>>
>>>>> Hi Carter
>>>>> mmm... I only have debian systems around me, so I can not tell you if other
>>>>> systems are vulnerable.
>>>>> I'm heading for defcon now but tell me if I can try something else. If I can
>>>>> I will try on Kali later and see what happens.
>>>>>
>>>>> thanks
>>>>> sebas
>>>>>
>>>>>
>>>>>
>>>>>> On Tue, Aug 5, 2014 at 6:37 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>>>
>>>>>> Hey Sebas,
>>>>>> Not getting any problems on my systems here.
>>>>>> Will try to replicate on a Debian system.
>>>>>>
>>>>>> Carter
>>>>>>
>>>>>> On Aug 4, 2014, at 12:02 PM, el draco <eldraco at gmail.com> wrote:
>>>>>>
>>>>>> Hi list. Today I was running ralabel 3.0.8 for the first time and I got
>>>>>> this error.
>>>>>>
>>>>>> #### First computer ####
>>>>>>
>>>>>> ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>>>>> *** Error in `ralabel': munmap_chunk(): invalid pointer: 0x0000000002c20f80 ***
>>>>>> ======= Backtrace: =========
>>>>>> /lib/x86_64-linux-gnu/libc.so.6(+0x7aa26)[0x7fc4cb169a26]
>>>>>> ralabel[0x432983]
>>>>>> ralabel[0x45a75b]
>>>>>> ralabel[0x460057]
>>>>>> ralabel[0x4037fe]
>>>>>> ralabel[0x403e4c]
>>>>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fc4cb110995]
>>>>>> ralabel[0x4035f9]
>>>>>> Aborted
>>>>>>
>>>>>> Info about my system:
>>>>>>
>>>>>> RaLabeler Version 3.0.8
>>>>>> Linux 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
>>>>>> libpthread-stubs0:amd64               0.3-3
>>>>>> libgcc-4.8-dev:amd64                  4.8.2-16
>>>>>>
>>>>>>
>>>>>> #### Second Computer ####
>>>>>> In another computer the error is:
>>>>>> ralabel -f test.ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>>>>> *** Error in `ralabel': double free or corruption (!prev): 0x0a697920 ***
>>>>>> Aborted
>>>>>>
>>>>>> Info of the second computer:
>>>>>> Linux 3.14-1-686-pae #1 SMP Debian 3.14.12-1 (2014-07-11) i686 GNU/Linux
>>>>>> RaLabeler Version 3.0.8
>>>>>>
>>>>>>
>>>>>> #### General ####
>>>>>> The biargus file was generated with argus 3.0.8 also.
>>>>>> I'm attaching you all the files so you can test it.
>>>>>>
>>>>>>
>>>>>> thanks
>>>>>> sebas
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> <test.small.biargus><test.ralabel.conf><test.ralabel>
>> <argus-1.jpg>
>> <argus-2.jpg>
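
Added example, not part of the thread or of the argus source: the thread does not establish the root cause, so this only illustrates the class of error glibc reports above ("double free or corruption"), using a chunk arena shaped like the quoted freechunks(). NCHUNKS and chunks[i].m come from the quoted code; newchunk(), reset_arena(), CHUNK0SIZE, the struct layout and both function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NCHUNKS    16     /* name from the quoted code; value assumed */
#define CHUNK0SIZE 1024   /* assumed size of chunk 0; chunk k is 2^k times larger */
struct chunk { size_t n_left; void *m; };   /* assumed layout; only .m is on the page */
static struct chunk chunks[NCHUNKS];
static int cur_chunk;
/* Hypothetical bump allocator that feeds the arena. */
static void *newchunk(size_t n) {
    struct chunk *cp = &chunks[cur_chunk];
    n = (n + sizeof(long) - 1) & ~(sizeof(long) - 1);      /* keep alignment */
    if (cp->m == NULL || n > cp->n_left) {
        if (cp->m != NULL) {                               /* current chunk is full */
            if (cur_chunk + 1 >= NCHUNKS) return NULL;
            cp = &chunks[++cur_chunk];
        }
        cp->n_left = (size_t)CHUNK0SIZE << cur_chunk;
        if (n > cp->n_left || (cp->m = calloc(1, cp->n_left)) == NULL) return NULL;
    }
    cp->n_left -= n;
    return (char *)cp->m + cp->n_left;
}

/* Same loop as the quoted freechunks(), plus a counter of slots left holding a freed address. */
static int freechunks_as_quoted(void) {
    int i, stale = 0;
    for (i = 0; i < NCHUNKS; ++i)
        if (chunks[i].m) { free(chunks[i].m); stale++; }
    return stale;   /* a second pass over these slots would free them again */
}
static void reset_arena(void) { memset(chunks, 0, sizeof chunks); cur_chunk = 0; }  /* forget slots, no free() */

/* Idempotent variant: clear each slot as it is released. */
static int freechunks_hardened(void) {
    int i, freed = 0;
    for (i = 0; i < NCHUNKS; ++i)
        if (chunks[i].m != NULL) { free(chunks[i].m); chunks[i].m = NULL; freed++; }
    cur_chunk = 0;
    return freed;
}

int main(void) {
    newchunk(600); newchunk(600);   /* fills chunk 0, spills into chunk 1 */
    int first = freechunks_hardened(), second = freechunks_hardened();
    printf("released %d chunks, then %d\n", first, second);   /* 2, then 0 */
    return 0;
}
```

Building with -fsanitize=address or running under valgrind reports the first invalid free() together with the allocation and release stacks, which the glibc abort message alone does not give.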


