ranonymize segfaults when doing specific host translations

Brad brad at vt.edu
Tue Mar 3 10:23:18 EST 2015 

Argus devs,

We are using argus-clients-3.0.8 (current stable) on Centos 6.6 (Final
x86_64). We built argus-clients with the default configuration:

    ./configure
    make
    make install

In this environment, ranonymize segfaults when doing specific host to host
translations. Here is the line in the ranonymize conf file (which when
used) causes the segfault:

    RANON_SPECIFY_HOST_TRANSLATION=128.173.1.1::192.168.1.1

We've tried this line both ways original_ip::anon_ip and
anon_ip::original_ip. Unless we missed it, the documentation is not clear
on what side is the original_ip and what side is the anon_ip. We've also
tried using different RFC 1918 addys as the anon_ip. In all cases, the
segfault occurs.

We touched .devel and then re-built the clients. Here is the line number
where the segfault occurs.

# valgrind
==31829== Invalid read of size 4
==31829==    at 0x406C68: RaMapFindHashObject (ranonymize.c:1461)
==31829==    by 0x40683C: RaMapInventory (ranonymize.c:1338)
==31829==    by 0x407E18: ArgusAnonymizeFlow (ranonymize.c:1996)
==31829==    by 0x405425: RaProcessRecord (ranonymize.c:703)
==31829==    by 0x4176CD: RaScheduleRecord (argus_util.c:2664)
==31829==    by 0x417CDD: ArgusHandleRecord (argus_util.c:2778)
==31829==    by 0x46329C: ArgusReadStreamSocket (argus_client.c:440)
==31829==    by 0x463473: ArgusReadFileStream (argus_client.c:496)
==31829==    by 0x408AEC: main (argus_main.c:253)
==31829==  Address 0x14 is not stack'd, malloc'd or (recently) free'd

# gdb
Program received signal SIGSEGV, Segmentation fault.
0x0000000000406c68 in RaMapFindHashObject (table=0x712ba0,
obj=0x7ffff7e3b33c, type=16, len=4)
    at ./ranonymize.c:1461
/root/argus-clients-3.0.8/clients/ranonymize.c:1461:48073:beg:0x406c68

Please let us know if we can do anything to test this further.

Brad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20150303/9e7aa085/attachment.html>

More information about the argus mailing list