Segfault in argus_utils.c

[xfors]

argus_utils.c segfaults on ICMPv6 Type 2: Packet To Big

The main issue is using strlen on a NULL string in ArgusPrintState

int slen = strlen(ArgusProcessStr);

The reason there is a NULL string in the first place is caused by ArgusGetICMPv6Status

case ICMP6_PACKET_TOO_BIG:
   retn = icmptypestr[45];
   break;

icmptypestr is declared in argus_util.h as

#define ICMP_MAXTYPE    46

char *icmptypestr[ICMP_MAXTYPE + 1] = {
   "ECR", "   ", "   ", "UR" , "SRC", "RED",
   "AHA", "   ", "ECO", "RTA", "RTS", "TXD",
   "PAR", "TST", "TSR", "IRQ", "IRR", "MAS",
   "MSR", "SEC", "ROB", "ROB", "ROB", "ROB",
   "ROB", "ROB", "ROB", "ROB", "ROB", "ROB",
   "TRC", "DCE", "MHR", "WAY", "IAH", "MRQ",
   "MRP", "DNQ", "DNP", "SKP", "PHO", "EXM",
   "EEO", "EER",
};

Counting the string elements we can see there are only 44 even though the array is defined to be 47 elements
so retn = icmptypestr[45]; will assign a null string to retn.

Here is a proposed patch

argus_util.c

diff --git a/common/argus_util.c b/common/argus_util.c
index ca0e4fc..8b4e6df 100644
--- a/common/argus_util.c
+++ b/common/argus_util.c
@@ -19716,7 +19716,10 @@ ArgusPrintState (struct ArgusParserStruct *parser, char *buf, struct ArgusRecord
       sprintf (buf, " State = \"%s\"", ArgusProcessStr);
       
    } else {
-      int slen = strlen(ArgusProcessStr);
+      int slen = 0;
+      if (ArgusProcessStr != NULL) {
+         int slen = strlen(ArgusProcessStr);
+      }
       if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
          len = slen;
       } else {
@@ -26586,7 +26589,7 @@ ArgusGetICMPv6Status (struct ArgusParserStruct *parser, struct ArgusRecordStruct
                }
                break;
             case ICMP6_PACKET_TOO_BIG:
-               retn = icmptypestr[45];
+              retn = "PTB";
                break;
             case ICMP6_TIME_EXCEEDED:
                switch (icmp->code) {

argus_util.h

diff --git a/include/argus_util.h b/include/argus_util.h
index 12b22ce..2d7c4c5 100644
--- a/include/argus_util.h
+++ b/include/argus_util.h
@@ -1570,7 +1570,7 @@ char *icmptypestr[ICMP_MAXTYPE + 1] = {
    "ROB", "ROB", "ROB", "ROB", "ROB", "ROB",
    "TRC", "DCE", "MHR", "WAY", "IAH", "MRQ",
    "MRP", "DNQ", "DNP", "SKP", "PHO", "EXM",
-   "EEO", "EER",
+   "EEO", "EER", "   ", "   ", "   ",
 };

[xfors]

It seems part of the problem was introduced in commit 51fa84f when icmptypestr was changed in argus_util.h
Filling up the missing type strings would also fix the problem, but does not address the possibility of calling strlen with a null string. I suggest replacing strlen with null-string safe function like

size_t safe_strlen(const char *s) {
  if (s == NULL) {
    return 0;
  } else {
    return strlen(s);
  }
}

[xfors]

There was an error in my previous commit.
This is an alternate patch.

diff --git a/common/argus_util.c b/common/argus_util.c
index 4036127..592bc1d 100644
--- a/common/argus_util.c
+++ b/common/argus_util.c
@@ -19890,7 +19890,7 @@ ArgusPrintState (struct ArgusParserStruct *parser, char *buf, struct ArgusRecord
       sprintf (buf, " State = \"%s\"", ArgusProcessStr);
       
    } else {
-      int slen = strlen(ArgusProcessStr);
+      int slen = ArgusProcessStr ? strlen(ArgusProcessStr) : 0;
       if (parser->RaFieldWidth != RA_FIXED_WIDTH) {
          len = slen;
       } else {
diff --git a/include/argus_util.h b/include/argus_util.h
index 9606c4f..737e76b 100644
--- a/include/argus_util.h
+++ b/include/argus_util.h
@@ -1574,7 +1574,7 @@ char *icmptypestr[ICMP_MAXTYPE + 1] = {
    "ROB", "ROB", "ROB", "ROB", "ROB", "ROB",
    "TRC", "DCE", "MHR", "WAY", "IAH", "MRQ",
    "MRP", "DNQ", "DNP", "SKP", "PHO", "EXM",
-   "EEO", "EER",
+   "EEO", "EER", "   ", "PTB", "   "
 };
 
 char *icmptypelongstr[ICMP_MAXTYPE + 1] = {

[openargus]

Hey Xfor, Thanks, and sorry for the delayed response to this. I’ll be submitting fixes for these, and the src id issues this weekend (submitting Mon/Tue) … Thanks for the fixes, and hope that all is most excellent, Carter

…

On Sep 19, 2025, at 10:55 AM, xfors ***@***.***> wrote: xfors left a comment (openargus/clients#17) <#17 (comment)> There was an error in my previous commit. This is an alternate patch. diff --git a/common/argus_util.c b/common/argus_util.c index 4036127..592bc1d 100644 --- a/common/argus_util.c +++ b/common/argus_util.c @@ -19890,7 +19890,7 @@ ArgusPrintState (struct ArgusParserStruct *parser, char *buf, struct ArgusRecord sprintf (buf, " State = "%s"", ArgusProcessStr); } else { int slen = strlen(ArgusProcessStr); int slen = ArgusProcessStr ? strlen(ArgusProcessStr) : 0; if (parser->RaFieldWidth != RA_FIXED_WIDTH) { len = slen; } else { diff --git a/include/argus_util.h b/include/argus_util.h index 9606c4f..737e76b 100644 --- a/include/argus_util.h +++ b/include/argus_util.h @@ -1574,7 +1574,7 @@ char *icmptypestr[ICMP_MAXTYPE + 1] = { "ROB", "ROB", "ROB", "ROB", "ROB", "ROB", "TRC", "DCE", "MHR", "WAY", "IAH", "MRQ", "MRP", "DNQ", "DNP", "SKP", "PHO", "EXM", "EEO", "EER", "EEO", "EER", " ", "PTB", " " }; char *icmptypelongstr[ICMP_MAXTYPE + 1] = { — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB3MTCHYJCOQVU6KM64SNEL3TQKM5AVCNFSM6AAAAABZHVOFKKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTGMJSGUZDOOJYGQ>. You are receiving this because you are subscribed to this thread.

[openargus]

Sorry for the delay …. OK made a change for when the ArgusProcessStr is NULL … Issue #2 in this email … PTB (packet too big) is not an ICMP type, this ICMPv6 message uses ICMP Type 2, and a Code of 0. Adding PTB to the icmptypestr array isn’t good, as this array is designed for IPv4 ICMP mappings. The correct approach is to remove the use of icmptypestr[] in ArgusGetICMPv6Status() for PTB … I’ve changed this. SO … Thanks for pointing out the issue !!!! Carter

…

On Sep 19, 2025, at 10:55 AM, xfors ***@***.***> wrote: xfors left a comment (openargus/clients#17) <#17 (comment)> There was an error in my previous commit. This is an alternate patch. diff --git a/common/argus_util.c b/common/argus_util.c index 4036127..592bc1d 100644 --- a/common/argus_util.c +++ b/common/argus_util.c @@ -19890,7 +19890,7 @@ ArgusPrintState (struct ArgusParserStruct *parser, char *buf, struct ArgusRecord sprintf (buf, " State = "%s"", ArgusProcessStr); } else { int slen = strlen(ArgusProcessStr); int slen = ArgusProcessStr ? strlen(ArgusProcessStr) : 0; if (parser->RaFieldWidth != RA_FIXED_WIDTH) { len = slen; } else { diff --git a/include/argus_util.h b/include/argus_util.h index 9606c4f..737e76b 100644 --- a/include/argus_util.h +++ b/include/argus_util.h @@ -1574,7 +1574,7 @@ char *icmptypestr[ICMP_MAXTYPE + 1] = { "ROB", "ROB", "ROB", "ROB", "ROB", "ROB", "TRC", "DCE", "MHR", "WAY", "IAH", "MRQ", "MRP", "DNQ", "DNP", "SKP", "PHO", "EXM", "EEO", "EER", "EEO", "EER", " ", "PTB", " " }; char *icmptypelongstr[ICMP_MAXTYPE + 1] = { — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB3MTCHYJCOQVU6KM64SNEL3TQKM5AVCNFSM6AAAAABZHVOFKKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTGMJSGUZDOOJYGQ>. You are receiving this because you are subscribed to this thread.