![snort logo](/images/snort-logo.png)
Snort mailing list archives
RE: rule update causes seg fault
From: "McGuire, Dennis" <dmcguire () brierley com>
Date: Thu, 4 Dec 2003 13:47:20 -0600
-----Original Message----- From: Josh.Sakofsky () donovandata com [mailto:Josh.Sakofsky () donovandata com] Sent: Wednesday, December 03, 2003 1:10 PM To: snort-users () lists sourceforge net Subject: [Snort-users] rule update causes seg fault any ideas on this? when i updated my rule set to the latest stable release, i get a seg
fault.... Me too :-) RH 7.3, snort 2.0.5 Build 98, snortrules-stable.tar.gz as applied by oinkmaster. 2 intfs, one for mgmt, one for sniffing. Runs for anywhere from a few mins to overnite. I suspect it's therefore packet/payload or rule related. Running gdb on /usr/local/bin/snort & then: (gdb) run -U -o -i eth1 -d -c /etc/snort/snort.conf produces: ============================================================================ =========== -*> Snort! <*- Version 2.0.5 (Build 98) By Martin Roesch (roesch () sourcefire com, www.snort.org) Program received signal SIGSEGV, Segmentation fault. otnx_match (id=0, index=160, data=0x809d294) at fpdetect.c:625 625 RULE_NODE *rnNode = (RULE_NODE*)(pmx->RuleNode); (gdb) bt #0 otnx_match (id=0, index=160, data=0x809d294) at fpdetect.c:625 #1 0x0806648f in mwmSearchExNoBC (ps=0x872ed50, Tx=0x809d3c0 "/HG?HC=WE09&HB=DM53112479CS71EN3&CD=1&HV=6&N=WELCOME TO AOL.COM&CON=&VCON=/&CE=Y&SS=1024*768&SC=8&SV=13&CMP=&GP=&DCMP=&CY=LAN&HP=N&L N=EN-US&CP=NULL&FNL=(7307,1)|(7304,1)&PEC=&VPC=090101R&VJS=090101.07"..., n=343, Tc=0x8125240 "/HG?hc=we09&hb=DM53112479CS71EN3&cd=1&hv=6&n=Welcome to AOL.com&con=&vcon=/&ce=y&ss=1024*768&sc=8&sv=13&cmp=&gp=&dcmp=&cy=lan&hp=n&l n=en-us&cp=null&fnl=(7307,1)|(7304,1)&pec=&vpc=090101r&vjs=090101.07"..., match=0x805d5f4 <otnx_match>, data=0x809d294) at mwm.c:916 #2 0x08066f2a in mwmSearch (pv=0x872ed50, T=0x8125240 "/HG?hc=we09&hb=DM53112479CS71EN3&cd=1&hv=6&n=Welcome to AOL.com&con=&vcon=/&ce=y&ss=1024*768&sc=8&sv=13&cmp=&gp=&dcmp=&cy=lan&hp=n&l n=en-us&cp=null&fnl=(7307,1)|(7304,1)&pec=&vpc=090101r&vjs=090101.07"..., n=343, match=0x805d5f4 <otnx_match>, data=0x809d294) at mwm.c:1405 #3 0x0805d96e in fpEvalPacket (p=0xbffff4c0) at fpdetect.c:910 #4 0x0805aabe in Detect (p=0xbffff4c0) at detect.c:314 #5 0x0805a81e in Preprocess (p=0xbffff4c0) at detect.c:117 #6 0x08055e68 in ProcessPacket (user=0x0, pkthdr=0xbffff990, pkt=0x81eb910 "") at snort.c:603 #7 0x4001cb53 in pcap_read_packet (handle=0x81eb770, callback=0x8055d58 <ProcessPacket>, userdata=0x0) at ./pcap-linux.c:446 #8 0x4001dc9f in pcap_loop (p=0x81eb770, cnt=-1, callback=0x8055d58 <ProcessPacket>, user=0x0) at ./pcap.c:79 #9 0x08056fc1 in InterfaceThread (arg=0x0) at snort.c:1533 #10 0x08055d4c in SnortMain (argc=8, argv=0xbffffb74) at snort.c:541 #11 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 Thx!
Current thread:
- rule update causes seg fault Josh . Sakofsky (Dec 03)
- <Possible follow-ups>
- RE: rule update causes seg fault McGuire, Dennis (Dec 04)