ironbee dies if there is a body in response to HEAD request #32

Closed
kyprizel opened this Issue Dec 12, 2012 · 5 comments


./iblici --request-file 1 --response-file 2 --config ironbee.conf

$ hexdump -C 1
00000000 48 45 41 44 20 2f 20 48 54 54 50 2f 31 2e 31 0a |HEAD / HTTP/1.1.|
00000010 48 6f 73 74 3a 20 78 78 78 2e 63 6f 6d 0a 0a 0a |Host: xxx.com...|
00000020

$ hexdump -C 2
00000000 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0a |HTTP/1.1 200 OK.|
00000010 53 65 72 76 65 72 3a 20 78 78 78 78 0a 0a 74 65 |Server: xxxx..te|
00000020 73 74 0a |st.|
00000023

2012-12-13T01:52:17.9648+0400 INFO - ( htp_response.c:729 ) [16723] LibHTP Invalid response line
ibcli1: data.c:601: ib_data_get_ex: Assertion `dpi != ((void *)0)' failed.

Program received signal SIGABRT, Aborted.
0x00007ffff6b4f475 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0 0x00007ffff6b4f475 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1 0x00007ffff6b526f0 in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2 0x00007ffff6b48621 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
#3 0x00007ffff793af92 in ib_data_get_ex (dpi=0x0, name=name@entry=0x7ffff2d4035d "HTP_RESPONSE_FLAGS", name_len=,
    pf=pf@entry=0x7fffffffdf78) at data.c:601
#4 0x00007ffff2d3dcae in modhtp_add_flag_to_collection (itx=itx@entry=0x75b4a0,
    collection_name=collection_name@entry=0x7ffff2d4035d "HTP_RESPONSE_FLAGS", flag=flag@entry=0x7ffff2d40338 "STATUS_LINE_INVALID") at modhtp.c:236
#5 0x00007ffff2d3dee8 in modhtp_set_parser_flag (itx=itx@entry=0x75b4a0, collection_name=collection_name@entry=0x7ffff2d4035d "HTP_RESPONSE_FLAGS",
    flags=0) at modhtp.c:363
#6 0x00007ffff2d3e54f in modhtp_htp_response_body_data (txdata=0x7fffffffe050) at modhtp.c:964
#7 0x00007ffff74f4bc2 in hook_run_all (hook=0x4153, user_data=0x7fffffffe050) at hooks.c:131
#8 0x00007ffff74fac19 in htp_res_run_hook_body_data (connp=connp@entry=0x6cd990, d=d@entry=0x7fffffffe050) at htp_util.c:2295
#9 0x00007ffff74fdc87 in htp_connp_RES_LINE (connp=0x6cd990) at htp_response.c:749
#10 0x00007ffff74fe9d9 in htp_connp_res_data (connp=connp@entry=0x6cd990, timestamp=timestamp@entry=0x7fffffffe0d0, data=,
    len=<optimized out>) at htp_response.c:976
#11 0x00007ffff2d3d0c5 in modhtp_iface_data_out (pi=, qcdata=0x7fffffffe1e0) at modhtp.c:1618
#12 0x0000000000405159 in send_file (ib=ib@entry=0x6295b0, icdata=icdata@entry=0x7fffffffe1e0, buf=buf@entry=0x74b270, fp=fp@entry=0x643120,
    direction=direction@entry=DATA_OUT, bufsize=65536) at ibcli.c:2171
#13 0x0000000000403314 in run_transaction (rsp_file=, req_file=, trans_num=1, buf=0x74b270, conn=,
    ib=0x6295b0, bufsize=<optimized out>) at ibcli.c:2256
#14 run_connection (ib=0x6295b0) at ibcli.c:2325
#15 main (argc=, argv=) at ibcli.c:2485
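
An added example, not part of the original report and not IronBee or LibHTP code: the log line and frame #9 show the bytes after the response headers reaching the response-line state, so this sketch rebuilds the two files from the hexdumps and counts the bytes that follow the headers of a response to HEAD. The names `header_end` and `unexpected_body_bytes` are hypothetical, and the check only looks at the request method, not at Content-Length or chunking.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed from the two hexdumps in the report (bare-LF line endings). */
static const char REQ[]  = "HEAD / HTTP/1.1\nHost: xxx.com\n\n\n";
static const char RESP[] = "HTTP/1.1 200 OK\nServer: xxxx\n\ntest\n";

/* Offset just past the blank line that ends the header block, 0 if absent.
 * Accepts CRLF as well as the bare LF used in the report's files. */
static size_t header_end(const char *buf, size_t len)
{
    size_t line_start = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != '\n')
            continue;
        size_t line_len = i - line_start;
        if (line_len > 0 && buf[i - 1] == '\r')
            line_len--;                      /* strip the CR of a CRLF */
        if (line_len == 0 && line_start > 0) /* empty line after >= 1 line */
            return i + 1;
        line_start = i + 1;
    }
    return 0;
}

/* Bytes after the response headers when the request method was HEAD:
 * data a parser should flag, not feed to the next response-line state.
 * Returns -1 for incomplete headers and 0 for any other method. */
long unexpected_body_bytes(const char *req, size_t req_len,
                           const char *resp, size_t resp_len)
{
    size_t end = header_end(resp, resp_len);
    if (end == 0)
        return -1;
    if (req_len < 5 || memcmp(req, "HEAD ", 5) != 0)
        return 0;
    return (long)(resp_len - end);
}

int main(void)
{
    long n = unexpected_body_bytes(REQ, sizeof REQ - 1, RESP, sizeof RESP - 1);
    printf("bytes after HEAD response headers: %ld\n", n);
    return 0;
}
```

The two constructed buffers can also serve as a regression or fuzzing seed pair for the parser path shown in the backtrace.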

ironbee Dec 14, 2012

Owner

Eldar,

On Wed, Dec 12, 2012 at 3:53 PM, Eldar Zaitov notifications@github.com wrote:

> 2012-12-13T01:52:17.9648+0400 INFO - ( htp_response.c:729 ) [16723] LibHTP
> Invalid response line
> ibcli1: data.c:601: ib_data_get_ex: Assertion `dpi != ((void *)0)' failed.
>
> Program received signal SIGABRT, Aborted.

I seem to be unable to reproduce this. Can you send me the configuration,
request and response files that you're using, as well as the exact command
line and any other information that might be helpful in reproducing the
crash?

Thanks

-Nick

kyprizel Dec 15, 2012

$ cat ironbee.conf

LogLevel 9 # can be any

SensorId AAAABBBB-1111-2222-3333-FFFF00000023
SensorName blabla
SensorHostname blablabla.com

LoadModule "ibmod_htp.so"
LoadModule "ibmod_pcre.so"
LoadModule "ibmod_ac.so"
LoadModule "ibmod_rules.so"

Set parser "htp"

AuditEngine RelevantOnly
AuditLogIndex None
AuditLogBaseDir /tmp
AuditLogSubDirFormat "%Y%m%d-%H%M"
AuditLogDirMode 0755
AuditLogParts minimal request requestBody -response -responseBody

RequestBuffering Off

<Site site1>
    SiteId AAAABBBB-1111-2222-4444-000000000001
    Hostname *

    RuleEnable "all"

    <Location />
        LogLevel 9
        AuditLogParts +debug
    </Location>
</Site>

$ gdb ibcli
(gdb) r --request-file 1 --response-file 2 --config ironbee.conf

Now you have all the required info.

nickleroy Dec 15, 2012

On Sat, Dec 15, 2012 at 9:10 AM, Eldar Zaitov notifications@github.com wrote:

> Now you have all the required info.
>
> $ gdb ibcli
> (gdb) r --request-file 1 --response-file 2 --config ironbee.conf

You didn't attach the request and response files.

-Nick

kyprizel Dec 15, 2012

Both are in the first message (hexdumps).

ironbee Dec 17, 2012

Owner

Eldar,

I've pushed a fix for this to the 0.6.x branch.

Thanks for reporting.

-Nick

@kyprizel kyprizel closed this Dec 27, 2012
