Segmentation Fault in ralabel 3.0.8

Carter Bullard carter at qosient.com
Mon Aug 18 12:21:39 EDT 2014


Oh yes, uncomment, and your life will be much better.
Sorry about that, I’m still working on the release tar ball, and
somehow that sneaked in.

Carter

On Aug 18, 2014, at 10:46 AM, el draco <eldraco at gmail.com> wrote:

> Yes, the line is commented.
> 
> argus-clients-3.0.8/common$ fgrep FORK *
> argus_code.c://#define ARGUSFORKFILTER   1
> argus_code.c:#if defined(ARGUSFORKFILTER)
> argus_code.c:#if defined(ARGUSFORKFILTER)
> argus_code.c:#if defined(ARGUSFORKFILTER)
> argus_code.c:#if defined(ARGUSFORKFILTER)
> argus_code.c:#endif /* ARGUSFORKFILTER */
> 
> This is in the last argus-clients-latest.tar.gz available for download
> from the dev. (wget
> "http://qosient.com/argus/dev/argus-clients-latest.tar.gz")
> 
> Just in case:
> 
> In first computer
> ii  bison                                  2:3.0.2.dfsg-2    i386    YACC-compatible parser generator
> ii  libbison-dev:i386                      2:3.0.2.dfsg-2    i386    YACC-compatible parser generator - development library
> 
> In kali
> ii  bison                                  1:2.5.dfsg-2.1    i386    YACC-compatible parser generator
> ii  libbison-dev:i386                      1:2.5.dfsg-2.1    i386    YACC-compatible parser generator - development library
> 
> 
> Should I try with the line uncommented?
> 
> thanks
> sebas
> 
> 
> On Mon, Aug 18, 2014 at 2:02 PM, Carter Bullard <carter at qosient.com> wrote:
>> Hey Sebas,
>> In your argus-clients ./common directory, if you fgrep for FORK, what do you get back ???  If the line that defines ARGUS_FORK is commented out, then there is the problem.  If not, we may need to look into what bison version is being used by Kali.
>> 
>> % cd ./common
>> % fgrep FORK *
>> 
>> Carter
>> 
>>> On Aug 18, 2014, at 5:00 AM, el draco <eldraco at gmail.com> wrote:
>>> 
>>> Hi carter and list.
>>> 
>>> Do you mean that if you try to run it on Kali 1.0.8 you don't get any
>>> segfault? Wow.
>>> 
>>> Ok, so now I did:
>>> 
>>> 1- VM kali 1.0.8
>>> 2- argus-clients 3.0.8
>>> 3- cd argus-clients-3.0.8
>>> 4- make uninstall
>>> 5- touch .devel ; ./configure; make clean; make; make install (as
>>> root) (also I added "make" to your list of commands)
>>> 6- cd ..
>>> 7- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>> 8- I got the segfault
>>> 9- I'm attaching the screen output so you can see directly the error from kali.
>>> 10- I ran it again with gdb: gdb --args ralabel -f test.ralabel.conf
>>> -r test.small.biargus -w test.small.biargus.labeled
>>> 
>>> And it seems there is an issue when trying to free() some chunk during
>>> compilation of the filter "tcp and synack"
>>> 
>>> common/argus_code.c
>>> 
>>> static void
>>> freechunks()
>>> {
>>>  int i;
>>> 
>>>  for (i = 0; i < NCHUNKS; ++i)
>>>     if (chunks[i].m)
>>>        free(chunks[i].m);
>>> #if defined(ARGUSDEBUG)
>>>  ArgusDebug (9, "freechunks () returning\n");
>>> #endif
>>> }
>>> 
>>> 
>>> I'm attaching gdb output from kali.
>>> Tell me if you need something more!
>>> 
>>> thanks
>>> sebas
>>> 
>>> 
>>> 
>>> 
>>> 
>>>> On Fri, Aug 15, 2014 at 4:00 PM, Carter Bullard <carter at qosient.com> wrote:
>>>> No, I’m not getting anything… if you can help us to find the problem.
>>>> If you could compile the package with the .devel tag file, then
>>>> we may get a line number of something a little more than just segfault.
>>>> 
>>>>  % touch .devel ; ./configure; make clean; make install
>>>> 
>>>> And try your data and configuration.
>>>> If you still get the segfault, the message should have a routine and
>>>> line number.
>>>> 
>>>> Carter
>>>> 
>>>> 
>>>>> On Aug 15, 2014, at 9:16 AM, el draco <eldraco at gmail.com> wrote:
>>>>> 
>>>>> Hi carter and list.
>>>>> Sorry for the delay, I just came back from defcon and I'm going back
>>>>> to my algorithms (btw, was anyone on defcon this year?)
>>>>> 
>>>>> Well, I use kali as my quick-and-dirty VM because it is already
>>>>> configured with all the penetration test, libraries and forensic
>>>>> tools, so I can play safely there. And most important, it uses the
>>>>> apt-get system to update and install stuff. It is only a rebranded and
>>>>> updated BackTrack. You can safely assume that BackTrack is dead now.
>>>>> 
>>>>> 
>>>>> So, I just tried it again from a live CD, having just booted Kali, and I keep
>>>>> getting the segfault. I'm compiling straight out of the tar file, I
>>>>> have no .debug or .devel tags. I also don't have any rarc.
>>>>> 
>>>>> I'm using kali 1.0.8 i386 iso file.
>>>>> 
>>>>> 1- Just boot it and connect to internet.
>>>>> 2- Then I downloaded the argus clients dev 3.0.8 latest
>>>>> wget http://qosient.com/argus/dev/argus-clients-latest.tar.gz
>>>>> d4a7d167ba3f8452de3900bbf01fec46  argus-clients-latest.tar.gz
>>>>> 
>>>>> 3- I compiled them without errors (./configure;make;make install)
>>>>> 4- Then I copied the 3 files I sent before and ran:
>>>>> 
>>>>> 5- ralabel -f ralabel.conf -r test.small.biargus -w test.small.biargus.labeled
>>>>> 
>>>>> And I get the segfault.
>>>>> 
>>>>> I hope you can reproduce it with kali also!
>>>>> 
>>>>> thanks!
>>>>> sebas
>>>>> 
>>>>>> On Wed, Aug 6, 2014 at 1:43 AM, Carter Bullard <carter at qosient.com> wrote:
>>>>>> Hey Sebas,
>>>>>> So no joy in getting your label configuration to die on
>>>>>> Mac OS X, Ubuntu, FreeBsd, NetBsd …
>>>>>> 
>>>>>> Yours is compiled straight out of the tar file, no
>>>>>> .debug or .devel tags ???  Do you have a rarc that
>>>>>> could be setting an option that mine isn’t setting ???
>>>>>> 
>>>>>> So what's with all the recent attention to Kali ???
>>>>>> I like to pay attention to synchronistic events, and
>>>>>> this is the second time Kali has come up in 2 days.
>>>>>> 
>>>>>> Did they do something different ???  Still BackTrack
>>>>>> or something new ???
>>>>>> 
>>>>>> Hope all is most excellent,
>>>>>> 
>>>>>> Carter
>>>>>> 
>>>>>> 
>>>>>> On Aug 5, 2014, at 6:04 PM, el draco <eldraco at gmail.com> wrote:
>>>>>> 
>>>>>> Hi Carter
>>>>>> mmm... I only have Debian systems around me, so I cannot tell you if other
>>>>>> systems are vulnerable.
>>>>>> I'm heading for defcon now but tell me if I can try something else. If I can
>>>>>> I will try on Kali later and see what happens.
>>>>>> 
>>>>>> thanks
>>>>>> sebas
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>>> On Tue, Aug 5, 2014 at 6:37 PM, Carter Bullard <carter at qosient.com> wrote:
>>>>>>> 
>>>>>>> Hey Sebas,
>>>>>>> Not getting any problems on my systems here.
>>>>>>> Will try to replicate on a Debian system.
>>>>>>> 
>>>>>>> Carter
>>>>>>> 
>>>>>>> On Aug 4, 2014, at 12:02 PM, el draco <eldraco at gmail.com> wrote:
>>>>>>> 
>>>>>>> Hi list. Today I was running ralabel 3.0.8 for the first time and I got
>>>>>>> this error.
>>>>>>> 
>>>>>>> #### First computer ####
>>>>>>> 
>>>>>>> ralabel -f ralabel.conf -r test.small.biargus -w
>>>>>>> test.small.biargus.labeled
>>>>>>> *** Error in `ralabel': munmap_chunk(): invalid pointer:
>>>>>>> 0x0000000002c20f80 ***
>>>>>>> ======= Backtrace: =========
>>>>>>> /lib/x86_64-linux-gnu/libc.so.6(+0x7aa26)[0x7fc4cb169a26]
>>>>>>> ralabel[0x432983]
>>>>>>> ralabel[0x45a75b]
>>>>>>> ralabel[0x460057]
>>>>>>> ralabel[0x4037fe]
>>>>>>> ralabel[0x403e4c]
>>>>>>> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7fc4cb110995]
>>>>>>> ralabel[0x4035f9]
>>>>>>> Aborted
>>>>>>> 
>>>>>>> Info about my system:
>>>>>>> 
>>>>>>> RaLabeler Version 3.0.8
>>>>>>> Linux 3.9-1-amd64 #1 SMP Debian 3.9.8-1 x86_64 GNU/Linux
>>>>>>> libpthread-stubs0:amd64               0.3-3
>>>>>>> libgcc-4.8-dev:amd64                  4.8.2-16
>>>>>>> 
>>>>>>> 
>>>>>>> #### Second Computer ####
>>>>>>> In another computer the error is:
>>>>>>> ralabel -f test.ralabel.conf -r test.small.biargus -w
>>>>>>> test.small.biargus.labeled
>>>>>>> *** Error in `ralabel': double free or corruption (!prev): 0x0a697920 ***
>>>>>>> Aborted
>>>>>>> 
>>>>>>> Info of the second computer:
>>>>>>> Linux 3.14-1-686-pae #1 SMP Debian 3.14.12-1 (2014-07-11) i686 GNU/Linux
>>>>>>> RaLabeler Version 3.0.8
>>>>>>> 
>>>>>>> 
>>>>>>> #### General ####
>>>>>>> The biargus file was generated with argus 3.0.8 also.
>>>>>>> I'm attaching you all the files so you can test it.
>>>>>>> 
>>>>>>> 
>>>>>>> thanks
>>>>>>> sebas
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> <test.small.biargus><test.ralabel.conf><test.ralabel>
>>> <argus-1.jpg>
>>> <argus-2.jpg>
> 
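The two crash signatures in this thread, "double free or corruption" and "munmap_chunk(): invalid pointer", are what glibc's heap consistency checks report when free() is handed an address it already released or never allocated. As an added illustration, not Argus code, here is a hypothetical chunk table modelled on the quoted freechunks() loop, with a fragile release routine that leaves dangling pointers in the table beside an idempotent one that clears each slot; the struct, the NCHUNKS value and the function names are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical chunk table modelled on the freechunks() loop quoted in the
 * thread (names and the NCHUNKS value are assumptions, not Argus code). */
#define NCHUNKS 4

struct chunk { char *m; };
static struct chunk chunks[NCHUNKS];

/* Fill every slot with a zeroed malloc'd buffer of n bytes.
 * Returns the number of slots that were allocated. */
int allocchunks(size_t n)
{
    int i, got = 0;
    for (i = 0; i < NCHUNKS; ++i) {
        chunks[i].m = malloc(n);
        if (chunks[i].m) { memset(chunks[i].m, 0, n); ++got; }
    }
    return got;
}

/* Fragile form: releases each buffer but leaves the dangling pointer in the
 * table.  A second call frees the same addresses again, which glibc's heap
 * checks abort with messages like the two seen in the thread. */
void freechunks_fragile(void)
{
    int i;
    for (i = 0; i < NCHUNKS; ++i)
        if (chunks[i].m)
            free(chunks[i].m);
}

/* Hardened form: clear the slot after free so a second call is a no-op.
 * Returns how many buffers were actually released on this call. */
int freechunks_safe(void)
{
    int i, freed = 0;
    for (i = 0; i < NCHUNKS; ++i) {
        if (chunks[i].m) {
            free(chunks[i].m);
            chunks[i].m = NULL;   /* nothing left to free twice */
            ++freed;
        }
    }
    return freed;
}
```

Running freechunks_safe() twice in a row is harmless, whereas calling freechunks_fragile() twice reproduces the class of abort reported above.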
