OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
This reliably crashes my analysisd (and thus, everything) on my server every 30 minutes after upgrading to v3.7.0.
The commit that introduced the segfault is: a6739d6978b1b0715a63c41c4cfce8307e814e61
Valgrind output:
==68360== Conditional jump or move depends on uninitialised value(s)
==68360== at 0x410FB1B: ???
==68360== by 0xBA145DD: ???
==68360==
==68360== Invalid read of size 1
==68360== at 0x4C2D112: __GI_strlen (vg_replace_strmem.c:462)
==68360== by 0x6947B7D: strdup (in /usr/lib64/libc-2.17.so)
==68360== by 0x121FF8: DB_Search (syscheck.c:632)
==68360== by 0x121FF8: DecodeSyscheck (syscheck.c:765)
==68360== by 0x118919: OS_ReadMSG (analysisd.c:767)
==68360== by 0x10CFBD: main (analysisd.c:525)
==68360== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==68360==
==68360==
==68360== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==68360== Access not within mapped region at address 0x0
==68360== at 0x4C2D112: __GI_strlen (vg_replace_strmem.c:462)
==68360== by 0x6947B7D: strdup (in /usr/lib64/libc-2.17.so)
==68360== by 0x121FF8: DB_Search (syscheck.c:632)
==68360== by 0x121FF8: DecodeSyscheck (syscheck.c:765)
==68360== by 0x118919: OS_ReadMSG (analysisd.c:767)
==68360== by 0x10CFBD: main (analysisd.c:525)
==68360== If you believe this happened as a result of a stack
==68360== overflow in your program's main thread (unlikely but
==68360== possible), you can try to increase the size of the
==68360== main thread stack using the --main-stacksize= flag.
==68360== The main thread stack size used in this run was 8388608.
--68360-- Discarding syms at 0xa5bc1b0-0xa5c3501 in /usr/lib64/libnss_files-2.17.so (have_dinfo 1)