TLS protocol detection fails with segmentation fault

[rajdippatel-emc]

Description

In a rare case scenario TLS protocol detection fails with segmentation fault in following location.

0 0x00007f37cadef96e in ndpi_search_tls_tcp_memory () from /lib/libndpi.so.4
[Current thread is 1 (Thread 0x7f37ad7fa700 (LWP 27))]
(gdb) bt
#0 0x00007f37cadef96e in ndpi_search_tls_tcp_memory () from /lib/libndpi.so.4
#1 0x00007f37cadf2029 in ndpi_search_tls_tcp.part () from /lib/libndpi.so.4
#2 0x00007f37cae0d914 in ndpi_process_extra_packet () from /lib/libndpi.so.4
#3 0x00005570bf841f53 in PacketProcessor::process (this=0x5570c107cc00, packet=...) at /usr/local/include/pcapplusplus/Layer.h:101
#4 0x00005570bf842525 in PacketProcessor::run (this=0x5570c107cc00, args=) at /tmp/app/PacketProcessor.cpp:114
#5 0x00005570bfad6a5a in workerProc (this=0x5570c107cc00, args=0x0) at /tmp/app/Task.cpp:107
#6 0x00005570bfad6ae2 in threadProc (owner=0x5570c107cc00, args=) at /tmp/app/Task.cpp:82
#7 0x00007f37cab05de4 in ?? () from /lib/x86_64-linux-gnu/libstdc++.so.6
#8 0x00007f37cb1a9609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#9 0x00007f37ca7f0133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Expected behavior

nDPI TLS parser should not create segmentation fault

Obtained behavior

nDPI TLS parser is failing in special scenario and it is generating segmentation fault. After that app crashes immediately.

nDPI Environment (please complete the following information):

• OS name: Ubuntu
• OS version: 20.04]
• Architecture: amd64
• nDPI version or commit hash: 4.4-stable or d2e7673
• nDPI compilation flags used: ./autogen.sh only
• Attach the config.log file generated after ./configure ran (if you are building from source).

How to reproduce the reported bug

Reproducible using ndpiReader?

• The reported bug is reproducible using ndpiReader.
• The reported bug is not reproducible using ndpiReader.

[IvanNardi]

I don't know how much help I can provide without a trace triggering the issue, especially since you are using your own application.
Anyways, some general advice:

• be sure that you don't share struct ndpi_detection_module_struct * object among different threads
• try compiling nDPI AND your application with ASAN
• try latest dev branch

It would be useful if you could provide a pcap triggering the crash

[utoni]

Without a core dump, pcap file or at least debug symbols enabled, it is like searching for the needle in a haystack.

[IvanNardi]

@rajdippatel-emc , any updates?

[rajdippatel-emc]

Thanks Ivan.

I added inline answers.

I don't know how much help I can provide without a trace triggering the issue, especially since you are using your own application. Anyways, some general advice:
--> We had crash in custom application and it was very huge so I didn't include it here.

• be sure that you don't share struct ndpi_detection_module_struct * object among different threads
  --> We are using only single thread for processing all the packets so we have only single ndpi_detection_module_struct and this should not be problem.
• try compiling nDPI AND your application with ASAN
  --> This needs to be adjusted in our CMake and needs to see if we can replicate it. But I am not sure if ASAN will have more benefit than RelWithDebInfo build
• try latest dev branch
  --> We will try for this.

We are hoping 2nd and 3rd will be checked soon.

It would be useful if you could provide a pcap triggering the crash

[IvanNardi]

Closing for inactivity. If you have other issues, please open a new ticket