Segmentation fault /opt/xplico/bin/msite #1041

Closed
bugcrash opened this Issue Dec 21, 2016 · 11 comments

Projects

None yet

5 participants

@bugcrash

bugcrash@seconion:/opt/xplico/bin$ ./msite
msite v1.1.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2014 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: ./msite [-h] [-s] [-l] [-i] [-c <config_file>] -p
-c config file
-s silent
-p connection port
-i info (PEI generated by this manipulator)
-l print all log in the screen
-h this help
NOTE: parameters MUST respect this order!

bugcrash@seconion:/opt/xplico/bin$ gdb -q /opt/xplico/bin/msite
Reading symbols from /opt/xplico/bin/msite...(no debugging symbols found)...done.
(gdb) r -c ruby -e 'puts "A" * 9024'
Starting program: /opt/xplico/bin/msite -c ruby -e 'puts "A" * 9024'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
msite v1.1.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2014 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7425943 in _IO_vfprintf_internal (s=,
format=, ap=ap@entry=0x7fffffffb938) at vfprintf.c:1661
1661 vfprintf.c: No such file or directory.
(gdb) info reg rdi
rdi 0x4141414141414141 4702111234474983745
(gdb)

...multiple bins look to fall in similiar fashion.

@dougburks
Contributor

Hi @bugcrash ,

Are you trying to report an issue within Xplico itself? If so, it may be better for you to contact the Xplico developers directly.

@bugcrash

@dougburks,
Nope, not reporting to them. The developers should probably look here.

@dougburks
Contributor

Hi @bugcrash ,

I'm not sure I understand.

The Security Onion team does not develop Xplico.

The Xplico developers are not involved in Security Onion and do not monitor our github repo.

Why not report Xplico issues to the Xplico developers who can fix these issues?

@weslambert

@bugcrash

Per the Xplico wiki:

"Don't hesitate to report bugs to bug[@]xplico.org and/or use the forum."
http://wiki.xplico.org/doku.php?id=xplico

Is there any reason why you wouldn't report it to them, so that it could be fixed upstream by the Xplico developers themselves?

@bugcrash

@weslambert
Because securityonion is using the code. Why wait for the third party to fix the issue.

@dougburks
Contributor
dougburks commented Dec 22, 2016 edited

I've submitted this to bug@xplico.org on your behalf.

UPDATE 2016/12/26 - No response yet from bug@xplico.org, so I've also posted this to:
http://forum.xplico.org/viewtopic.php?f=4&t=572

@mcdargh
mcdargh commented Dec 24, 2016

That's awesome! @bugcrash how many fixes have you made to git and Chrome (or the browser of your choice), and Linux? I mean you're using the code, why wait for a third party to fix it? Right?

@bugcrash

@mcdargh
both those products are not pushed as a 'security tool'.

not sure why a 'security tool' would not do some simple analysis of the utilities it incorporates? especially if it includes third party tools.

@dougburks
Contributor

Hi @bugcrash ,

As I mentioned in another thread, no QA team is perfect, just like no software is perfect.

Still no response from bug@xplico.org or http://forum.xplico.org/viewtopic.php?f=4&t=572, so I've emailed Gianluca Costa personally.

@dougburks dougburks closed this Jan 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment