-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segmentation fault (core dumped) with DPD anchoring at the end of payload #1977
Comments
I'm not sure why this is triggering via a DPD change, but here's the backtrace for this at least. It's actually crashing on an assert in the hilti code that's part of spicy. I'll look into what causes the DPD change to take a different path here.
|
I'll look into the assertion failure on the Spicy side (likely caused by code in zeek/spicy-plugin). What is interesting is that if I run with
|
The assertion checks that we still have a HILTI context around. It fails here since it is called via I am unsure on the plugin/analyzer state machine, should this work on the plugin side or is this an issue in Zeek? |
I'm not seeing this crash anymore on the latest |
I'm going to close this one out as not reproducible. Feel free to reopen if it's still a problem. |
I have attached zeek-dpdcrash.tar.gz that contains a zkg package directory (based off of bbannier/package-template-spicy). The core of the issue seems to be:
Steps to reproduce:
zkg install --skiptest
zeek -C -r ./traces/trace.pcap zeek-dpdcrash
Segmentation fault (core dumped)
althoughconn.log
is created.If I change the DPD payload line to be
payload /^[\xf1-\xfe]/
it does not crash.Platform: Debian Linux 11 on x86_64
Zeek version: 4.2.0
Spicy version: 1.3.0
The text was updated successfully, but these errors were encountered: