Snort mailing list archives
RE: Snort 1.8.1 WIN32 MSSQL
From: "John Kirk" <jkirk00 () home com>
Date: Thu, 30 Aug 2001 10:38:41 -0400
Chris,

Thanks for the reply. I'm green at working with source code but I went and tried to compile the WIN32 source. I can't compile with the following error:

Linking...
..\Win32-Libraries\libpcap.lib : fatal error LNK1127: library is corrupt

Guess I'll have to wait for the next release or learn how to use visual C !

Thanks,
jk

-----Original Message-----
From: Chris Reid [mailto:Chris.Reid () CodeCraftConsultants com]
Sent: Tuesday, August 28, 2001 3:08 AM
To: John Kirk; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 1.8.1 WIN32 MSSQL

John,

I used the symptoms you described to help me narrow down the cause of the crashes (or rather what I think is the cause). I found one line of code in "spo_database.c" that writes into a buffer without checking if the buffer will overflow. (Bad me!!)

If you have the source code for Snort, make the following change yourself and test it out. If you don't have the source, you'll need to wait for a little bit for things to propagate through the appropriate channels. I submitted the fix to Jed Pickel earlier this evening. I assume he'll put the fix into the official Snort source fairly quickly. Then it will be up to the guys at Silicon Defence to build and release a current version of the MSSQL build.

Anyway, here is the fix... (sorry for the line-wrap -- remember to keep it all on one line in your source code)

Line 65 is currently:
#define SAVESTATEMENT(str) strcpy(g_CurrentStatement, str);

Line 65 should become:
#define SAVESTATEMENT(str) strncpy(g_CurrentStatement, str, sizeof(g_CurrentStatement)-1);

Chris Reid

----- Original Message -----
From: "John Kirk" <jkirk00 () home com>
To: <snort-users () lists sourceforge net>
Sent: Sunday, August 26, 2001 5:24 AM
Subject: [Snort-users] Snort 1.8.1 WIN32 MSSQL

Having difficult time getting 1.8.1 WIN32 MSSQL stable. Snort.exe crashes with fatal error "snort.exe has generated errors and will be closed by Windows, you will need to restart the program, an error log is being created"

This occurs as soon as an alert is logged to MSSQL. The alert is completely logged to MSSQL before the crash. I'm using default rule sets at this point. I've run 1.8.1 logging to mysql on the same WIN2k box since its release and it is rock solid stable. I also tried running on a test box and MSSQL build creates the same fatal error.

Thanks,
jk
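
Added example (not part of the thread and not Snort source code): the bounded-copy pattern from the fix above, showing that it keeps the write inside the buffer, that its terminator depends on the destination's last byte already being zero, and a variant that terminates explicitly and reports truncation. The buffer sizes, the helper names (macro_saved_len, unterminated_on_dirty_buffer, save_statement) and the sample query strings are assumptions constructed for illustration.

```c
/* Added example, not Snort source. Sizes and helper names are assumptions. */
#include <stdio.h>
#include <string.h>

static char g_CurrentStatement[32];  /* assumed size; the thread does not give it */

/* Macro as posted in the fix. The last byte is never written, so the string stays
 * terminated only because a static global starts out zero-filled. */
#define SAVESTATEMENT(str) strncpy(g_CurrentStatement, str, sizeof(g_CurrentStatement)-1);

/* Length of the saved statement after the posted macro copies str. */
static size_t macro_saved_len(const char *str)
{
    SAVESTATEMENT(str)
    return strlen(g_CurrentStatement);
}

/* Same pattern on a buffer that is not zero-filled: returns 1 when no NUL
 * terminator ends up anywhere in the buffer, 0 otherwise. */
static int unterminated_on_dirty_buffer(const char *str)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));           /* stand-in for stale contents */
    strncpy(buf, str, sizeof(buf) - 1);
    return memchr(buf, '\0', sizeof(buf)) == NULL;
}

/* Bounded copy that always terminates; returns 1 if str was truncated, else 0. */
static int save_statement(char *dst, size_t dstlen, const char *str)
{
    size_t n = strlen(str);
    if (dstlen == 0) return 1;
    int truncated = (n >= dstlen);
    if (truncated) n = dstlen - 1;
    memcpy(dst, str, n);
    dst[n] = '\0';
    return truncated;
}

int main(void)
{
    const char *q = "INSERT INTO event (sid, cid, signature) VALUES (1, 2, 3)"; /* constructed */
    char buf[16];
    printf("macro saved %zu bytes\n", macro_saved_len(q));
    printf("dirty buffer unterminated: %d\n", unterminated_on_dirty_buffer(q));
    int t = save_statement(buf, sizeof(buf), q);
    printf("truncated: %d, saved \"%s\"\n", t, buf);
    return 0;
}
```

A truncated SQL statement is silently different from the one that was built, so the return value of save_statement is worth logging wherever the saved text is later used for diagnostics.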