Segmentation fault /opt/xplico/bin/mpaltalk #1051

Closed
bugcrash opened this Issue Dec 22, 2016 · 9 comments

Projects

None yet

3 participants

@bugcrash

bugcrash@seconion:/opt/xplico/bin$ ./mpaltalk
mpaltalk v1.1.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2014 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

usage: ./mpaltalk [-h] [-s] [-l] [-i] [-c <config_file>] -p
-c config file
-s silent
-p connection port
-i info (PEI generated by this manipulator)
-l print all log in the screen
-h this help
NOTE: parameters MUST respect this order!

bugcrash@seconion:/opt/xplico/bin$ gdb -q /opt/xplico/bin/mpaltalk
Reading symbols from /opt/xplico/bin/mpaltalk...(no debugging symbols found)...done.
(gdb) r -c ruby -e 'puts "A" * 9024'
Starting program: /opt/xplico/bin/mpaltalk -c ruby -e 'puts "A" * 9024'
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
mpaltalk v1.1.1
Internet Traffic Decoder (NFAT).
See http://www.xplico.org for more information.

Copyright 2007-2014 Gianluca Costa & Andrea de Franceschi and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7425943 in _IO_vfprintf_internal (s=, format=,
ap=ap@entry=0x7fffffffbf18) at vfprintf.c:1661
1661 vfprintf.c: No such file or directory.
(gdb) i r rdi
rdi 0x4141414141414141 4702111234474983745

@dougburks
Contributor

Hi @bugcrash ,

Are you trying to report an issue within Xplico itself? If so, please submit it to the Xplico developers directly.

Per the Xplico wiki:

"Don't hesitate to report bugs to bug[@]xplico.org and/or use the forum."
http://wiki.xplico.org/doku.php?id=xplico

Thanks!

@bugcrash

@dougburks
Because securityonion is using the code. Why wait for the third party to fix the issue.

@dougburks
Contributor

I've submitted this to bug@xplico.org on your behalf.

@dougburks
Contributor

No response yet from bug@xplico.org, so I've also posted this to:
http://forum.xplico.org/viewtopic.php?f=4&t=572

@dougburks
Contributor

Still no response from bug@xplico.org or http://forum.xplico.org/viewtopic.php?f=4&t=572, so I've emailed Gianluca Costa personally.

@gnlcosta
gnlcosta commented Jan 2, 2017

Hi @bugcrash ,
can you explain me your command: "-c ruby -e 'puts "A" * 9024'"
All manipulators (msite, mpaltalk, ..) have as parameters these options:
[-h] [-s] [-l] [-i] [-c <config_file>] -p
where [] means optional and other (-p) are mandatory. About that you command is not correct.
In your command line the configuration file has name "ruby", can you send me this configuration file?
Thanks.
Gianluca

@gnlcosta
gnlcosta commented Jan 2, 2017

Hi @bugcrash ,
now I understand your command, ruby generates a very long filename.

@gnlcosta gnlcosta added a commit to xplico/xplico that referenced this issue Jan 2, 2017
@gnlcosta gnlcosta Bugfix: Security-Onion-Solutions/security-onion#1051 f1ae1b7
@dougburks dougburks closed this Jan 30, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment