Snort mailing list archives

Core dump


From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Mon, 20 Aug 2001 14:48:58 +0100

First time I've seen a problem in the pattern matcher... I hadn't had time
to update to 1.8.1 release, so this may have been fixed...

466 Snort rules read...
466 Option Chains linked into 193 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.1-rc2 (Build 72)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
Segmentation fault (core dumped)
[root@snort snort-1.8.1-rc1]# gdb -c core /usr/local/bin/snort
#0  0x08053155 in mSearch (buf=0x40549078 'ÿ' <repeats 80 times>, "Pumpkins", blen=65535,
    ptrn=0x8104938 "\220\eÀ\017\202\020 \027\221Ð \b", plen=12, skip=0x8104950, shift=0x8104d58) at mstring.c:486
486             }
(gdb) bt
#0  0x08053155 in mSearch (buf=0x40549078 'ÿ' <repeats 80 times>, "Pumpkins", blen=65535,
    ptrn=0x8104938 "\220\eÀ\017\202\020 \027\221Ð \b", plen=12, skip=0x8104950, shift=0x8104d58) at mstring.c:486
#1  0x080593c7 in CheckANDPatternMatch (p=0xbfffeff0, otn_idx=0x8103dd8, fp_list=0x8104d90)
    at sp_pattern_match.c:781
#2  0x08059881 in CheckTcpFlags (p=0xbfffeff0, otn_idx=0x8103dd8, fp_list=0x81048c8) at sp_tcp_flag_check.c:238
#3  0x08056a8b in EvalOpts (List=0x8103dd8, p=0xbfffeff0) at rules.c:4047
#4  0x080567c5 in EvalHeader (rtn_idx=0x8102c38, p=0xbfffeff0) at rules.c:3766
#5  0x08056750 in EvalPacket (List=0x80a07d8, mode=2, p=0xbfffeff0) at rules.c:3694
#6  0x080565cc in Detect (p=0xbfffeff0) at rules.c:3587
#7  0x080563db in Preprocess (p=0xbfffeff0) at rules.c:3432
#8  0x0804b7ef in ProcessPacket (user=0x0, pkthdr=0xbffff4e0, pkt=0x40549042 "") at snort.c:534
#9  0x08078686 in packet_ring_recv () at eval.c:41
#10 0x080789af in pcap_read () at eval.c:41
#11 0x0807965f in pcap_loop () at eval.c:41
#12 0x0804cbe3 in InterfaceThread (arg=0x0) at snort.c:1561
#13 0x0804b6bf in main (argc=8, argv=0xbffff73c) at snort.c:467
#14 0x40171177 in __libc_start_main (main=0x804b040 <main>, argc=8, ubp_av=0xbffff73c, init=0x804a498 <_init>,
    fini=0x8083050 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff72c)
    at ../sysdeps/generic/libc-start.c:129

[root@snort snort-1.8.1-rc1]# egrep -v '^#' /usr/local/etc/snort.conf |egrep -v '^$'
var INTERNAL any
var EXTERNAL any
var SMTP $INTERNAL
var HTTP_SERVERS $INTERNAL
var SQL_SERVERS $INTERNAL
var DNS_SERVERS $INTERNAL
preprocessor frag2
preprocessor stream4: keepstats machine, memcap 67108864, noalerts
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
include classification.config
include vision18.rules

Rules file (also saved):

[pjm3@snort pjm3]$ ls -l /usr/local/etc/vision18.rules
total 7616
-rw-r--r--    1 root     root        98831 Aug 16 11:28 /usr/local/etc/vision18.rules


I have the core and binary saved if anyone wants anything else. Operating
system is RedHat 7.1 (stock) intel.

Regards,
Phil

+------------------------------------------+
| Phil Mayers                              |
| Network & Infrastructure Group           |
| Information & Communication Technologies |
| Imperial College                         |
+------------------------------------------+
