Snort mailing list archives

RE: rule update causes seg fault

From: "McGuire, Dennis" <dmcguire () brierley com>
Date: Thu, 4 Dec 2003 13:47:20 -0600

-----Original Message-----
From: Josh.Sakofsky () donovandata com [mailto:Josh.Sakofsky () donovandata com] 
Sent: Wednesday, December 03, 2003 1:10 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] rule update causes seg fault



any ideas on this? 
when i updated my rule set to the latest stable release, i get a seg

fault.... 

Me too :-)  RH 7.3, snort 2.0.5 Build 98, snortrules-stable.tar.gz as
applied by oinkmaster.  2 intfs, one for mgmt, one for sniffing. Runs for
anywhere from a few mins to overnite.  I suspect it's therefore
packet/payload or rule related.

Running gdb on /usr/local/bin/snort & then:
(gdb) run -U -o -i eth1 -d -c /etc/snort/snort.conf

produces:
============================================================================
===========
-*> Snort! <*-
Version 2.0.5 (Build 98)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Program received signal SIGSEGV, Segmentation fault.
otnx_match (id=0, index=160, data=0x809d294) at fpdetect.c:625
625         RULE_NODE        *rnNode = (RULE_NODE*)(pmx->RuleNode);
(gdb) bt
#0  otnx_match (id=0, index=160, data=0x809d294) at fpdetect.c:625
#1  0x0806648f in mwmSearchExNoBC (ps=0x872ed50,
    Tx=0x809d3c0 "/HG?HC=WE09&HB=DM53112479CS71EN3&CD=1&HV=6&N=WELCOME TO
AOL.COM&CON=&VCON=/&CE=Y&SS=1024*768&SC=8&SV=13&CMP=&GP=&DCMP=&CY=LAN&HP=N&L
N=EN-US&CP=NULL&FNL=(7307,1)|(7304,1)&PEC=&VPC=090101R&VJS=090101.07"...,
n=343,
    Tc=0x8125240 "/HG?hc=we09&hb=DM53112479CS71EN3&cd=1&hv=6&n=Welcome to
AOL.com&con=&vcon=/&ce=y&ss=1024*768&sc=8&sv=13&cmp=&gp=&dcmp=&cy=lan&hp=n&l
n=en-us&cp=null&fnl=(7307,1)|(7304,1)&pec=&vpc=090101r&vjs=090101.07"...,
match=0x805d5f4 <otnx_match>,
    data=0x809d294) at mwm.c:916
#2  0x08066f2a in mwmSearch (pv=0x872ed50,
    T=0x8125240 "/HG?hc=we09&hb=DM53112479CS71EN3&cd=1&hv=6&n=Welcome to
AOL.com&con=&vcon=/&ce=y&ss=1024*768&sc=8&sv=13&cmp=&gp=&dcmp=&cy=lan&hp=n&l
n=en-us&cp=null&fnl=(7307,1)|(7304,1)&pec=&vpc=090101r&vjs=090101.07"...,
n=343, match=0x805d5f4 <otnx_match>,
    data=0x809d294) at mwm.c:1405
#3  0x0805d96e in fpEvalPacket (p=0xbffff4c0) at fpdetect.c:910
#4  0x0805aabe in Detect (p=0xbffff4c0) at detect.c:314
#5  0x0805a81e in Preprocess (p=0xbffff4c0) at detect.c:117
#6  0x08055e68 in ProcessPacket (user=0x0, pkthdr=0xbffff990, pkt=0x81eb910
"") at snort.c:603
#7  0x4001cb53 in pcap_read_packet (handle=0x81eb770, callback=0x8055d58
<ProcessPacket>, userdata=0x0) at ./pcap-linux.c:446
#8  0x4001dc9f in pcap_loop (p=0x81eb770, cnt=-1, callback=0x8055d58
<ProcessPacket>, user=0x0) at ./pcap.c:79
#9  0x08056fc1 in InterfaceThread (arg=0x0) at snort.c:1533
#10 0x08055d4c in SnortMain (argc=8, argv=0xbffffb74) at snort.c:541
#11 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6

Thx!

Current thread:

rule update causes seg fault Josh . Sakofsky (Dec 03)
- <Possible follow-ups>
- RE: rule update causes seg fault McGuire, Dennis (Dec 04)