argus-server free bug on certian traffic

Jonathan Steel jon.steel at esentire.com
Wed Feb 24 16:08:57 GMT 2010 

Hi

I have found a problem with the argus-server package. I have the problem 
on both 9.04 and 9.10 amd64 machines.

Below is a the contents of the packet and the results of running it 
through argus. Its a single IPSec packet. I had to blank out the source 
IP for privacy reasons.
    0x0000:  4500 0098 0db5 0000 f332 8791 ffff ffff
    0x0010:  ac10 500e b516 c890 0000 0028 8003 0dfe
    0x0020:  4d1a eb9f e790 514b cafd 3a19 152a 02e4
    0x0030:  fecb 430f f040 a371 0f7f 1d44 f92d 9a0e
    0x0040:  bb2a 4214 b337 e50c e9b1 9f75 75ed bb27
    0x0050:  fc7f c5e3 26c9 701f b6ff a2b1 ee01 c729
    0x0060:  9c58 d392 4b59 02ca 559c 7c6c 7bf3 3d54
    0x0070:  2ac2 e1ea 8454 e12c 3fa5 ff21 7c43 ab59
    0x0080:  007a dbd9 6f1b c204 ab63 ab92 de53 1523
    0x0090:  cf35 c139 1847 c36b

argus -r argus-packet-of-doom.pcap
*** glibc detected *** argus: free(): invalid next size (fast): 
0x0000000001c04590 ***
======= Backtrace: =========
/lib/libc.so.6[0x7ff172318dd6]
/lib/libc.so.6(cfree+0x6c)[0x7ff17231d74c]
argus[0x40bfd1]
argus[0x40ced5]
argus[0x405dbd]
argus[0x406c49]
argus[0x403d15]
argus[0x4048fe]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7ff1722c1abd]
argus[0x403359]
======= Memory map: ========
00400000-00429000 r-xp 00000000 08:03 3940506                            
/usr/sbin/argus_linux
00628000-00629000 r--p 00028000 08:03 3940506                            
/usr/sbin/argus_linux
00629000-0062b000 rw-p 00029000 08:03 3940506                            
/usr/sbin/argus_linux
0062b000-0079a000 rw-p 00000000 00:00 0
01c02000-01c23000 rw-p 00000000 00:00 0                                  
[heap]
7ff16c000000-7ff16c021000 rw-p 00000000 00:00 0
7ff16c021000-7ff170000000 ---p 00000000 00:00 0
7ff171e7f000-7ff171e95000 r-xp 00000000 08:03 577041                     
/lib/libgcc_s.so.1
7ff171e95000-7ff172094000 ---p 00016000 08:03 577041                     
/lib/libgcc_s.so.1
7ff172094000-7ff172095000 r--p 00015000 08:03 577041                     
/lib/libgcc_s.so.1
7ff172095000-7ff172096000 rw-p 00016000 08:03 577041                     
/lib/libgcc_s.so.1
7ff172096000-7ff1720a2000 r-xp 00000000 08:03 1363398                    
/lib/libnss_files-2.10.1.so
7ff1720a2000-7ff1722a1000 ---p 0000c000 08:03 1363398                    
/lib/libnss_files-2.10.1.so
7ff1722a1000-7ff1722a2000 r--p 0000b000 08:03 1363398                    
/lib/libnss_files-2.10.1.so
7ff1722a2000-7ff1722a3000 rw-p 0000c000 08:03 1363398                    
/lib/libnss_files-2.10.1.so
7ff1722a3000-7ff172409000 r-xp 00000000 08:03 1363389                    
/lib/libc-2.10.1.so
7ff172409000-7ff172608000 ---p 00166000 08:03 1363389                    
/lib/libc-2.10.1.so
7ff172608000-7ff17260c000 r--p 00165000 08:03 1363389                    
/lib/libc-2.10.1.so
7ff17260c000-7ff17260d000 rw-p 00169000 08:03 1363389                    
/lib/libc-2.10.1.so
7ff17260d000-7ff172612000 rw-p 00000000 00:00 0
7ff172612000-7ff172694000 r-xp 00000000 08:03 1363393                    
/lib/libm-2.10.1.so
7ff172694000-7ff172894000 ---p 00082000 08:03 1363393                    
/lib/libm-2.10.1.so
7ff172894000-7ff172895000 r--p 00082000 08:03 1363393                    
/lib/libm-2.10.1.so
7ff172895000-7ff172896000 rw-p 00083000 08:03 1363393                    
/lib/libm-2.10.1.so
7ff172896000-7ff1728c8000 r-xp 00000000 08:03 8930871                    
/usr/lib/libpcap.so.1.0.0
7ff1728c8000-7ff172ac8000 ---p 00032000 08:03 8930871                    
/usr/lib/libpcap.so.1.0.0
7ff172ac8000-7ff172ac9000 r--p 00032000 08:03 8930871                    
/usr/lib/libpcap.so.1.0.0
7ff172ac9000-7ff172aca000 rw-p 00033000 08:03 8930871                    
/usr/lib/libpcap.so.1.0.0
7ff172aca000-7ff172acb000 rw-p 00000000 00:00 0
7ff172acb000-7ff172ad4000 r-xp 00000000 08:03 9216084                    
/lib/libwrap.so.0.7.6
7ff172ad4000-7ff172cd3000 ---p 00009000 08:03 9216084                    
/lib/libwrap.so.0.7.6
7ff172cd3000-7ff172cd4000 r--p 00008000 08:03 9216084                    
/lib/libwrap.so.0.7.6
7ff172cd4000-7ff172cd5000 rw-p 00009000 08:03 9216084                    
/lib/libwrap.so.0.7.6
7ff172cd5000-7ff172cd6000 rw-p 00000000 00:00 0
7ff172cd6000-7ff172cec000 r-xp 00000000 08:03 1363395                    
/lib/libnsl-2.10.1.so
7ff172cec000-7ff172eec000 ---p 00016000 08:03 1363395                    
/lib/libnsl-2.10.1.so
7ff172eec000-7ff172eed000 r--p 00016000 08:03 1363395                    
/lib/libnsl-2.10.1.so
7ff172eed000-7ff172eee000 rw-p 00017000 08:03 1363395                    
/lib/libnsl-2.10.1.so
7ff172eee000-7ff172ef0000 rw-p 00000000 00:00 0
7ff172ef0000-7ff172f0f000 r-xp 00000000 08:03 1363386                    
/lib/ld-2.10.1.so
7ff173069000-7ff1730ed000 rw-p 00000000 00:00 0
7ff173109000-7ff17310e000 rw-p 00000000 00:00 0
7ff17310e000-7ff17310f000 r--p 0001e000 08:03 1363386                    
/lib/ld-2.10.1.so
7ff17310f000-7ff173110000 rw-p 0001f000 08:03 1363386                    
/lib/ld-2.10.1.so
7fff65ee4000-7fff65ef9000 rw-p 00000000 00:00 0                          
[stack]
7fff65fa5000-7fff65fa6000 r-xp 00000000 00:00 0                          
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]
Aborted

I don't have time to look into the problem right now. If this problem is 
fixed, can you please notify me if you remember. If I find the problem I 
will mail in a patch.

Thanks,
Jonathan Steel

More information about the Ubuntu-motu mailing list