Snort mailing list archives
Re: Crash using the latest build from Git
From: Russ via Snort-users <snort-users () lists snort org>
Date: Thu, 19 Oct 2017 10:57:11 -0400
Ouch. We're on it. Thanks.

On 10/19/17 10:46 AM, João Soares via Snort-users wrote:

Hello everyone,

I've just updated my Snort++ build to the latest one directly from git, and I'm getting a crash. Here goes the version details and the backtrace:

   ,,_     -*> Snort++ <*-
  o"  )~   Version 3.0.0 (Build 239) from 2.9.8-383
   ''''    By Martin Roesch & The Snort Team
           http://snort.org/contact#team
           Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using DAQ version 2.2.2
           Using LuaJIT version 2.0.4
           Using OpenSSL 1.0.2k-fips 26 Jan 2017
           Using libpcap version 1.5.3
           Using PCRE version 8.32 2012-11-30
           Using ZLIB version 1.2.7
           Using LZMA version 5.2.2

snort: /usr/local/src/snort3/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc:362: virtual const StreamBuffer HttpStreamSplitter::reassemble(Flow*, unsigned int, unsigned int, const uint8_t*, unsigned int, uint32_t, unsigned int&): Assertion `(session_data->octets_expected[source_id] == total) || (!session_data->strict_length[source_id] && (total <= session_data->octets_expected[source_id]))' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffeb1ff700 (LWP 14315)]
0x00007ffff57ec1f7 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install glibc-2.17-196.el7.x86_64 hwloc-libs-1.11.2-2.el7.x86_64 libdnet-1.12-13.1.el7.x86_64 libgcc-4.8.5-16.el7.x86_64 libpcap-1.5.3-9.el7.x86_64 libstdc++-4.8.5-16.el7.x86_64 libtool-ltdl-2.4.2-22.el7_3.x86_64 luajit-2.0.4-3.el7.x86_64 numactl-libs-2.0.9-6.el7_2.x86_64 openssl-libs-1.0.2k-8.el7.x86_64 pcre-8.32-17.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) bt
#0 0x00007ffff57ec1f7 in raise () from /lib64/libc.so.6
#1 0x00007ffff57ed8e8 in abort () from /lib64/libc.so.6
#2 0x00007ffff57e5266 in __assert_fail_base () from /lib64/libc.so.6
#3 0x00007ffff57e5312 in __assert_fail () from /lib64/libc.so.6
#4 0x0000000000590748 in HttpStreamSplitter::reassemble (this=0x7fff2020a210, flow=0x7fff8a633320, total=269, data=0x7fff20b51f60 "HTTP/1.1 200 OK\r\nCache-Control: private\r\nContent-Type: text/html; charset=utf-8\r\nServer: Microsoft-IIS/7.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By: ASP.NET\r\nDate: Thu, 19 Oct 2017 14:36:44 GMT\r\nCon"..., len=269, flags=768, copied=@0x7fffeb18ede4: 269) at /usr/local/src/snort3/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc:360
#5 0x00000000005bee94 in TcpReassembler::flush_data_segments (this=0x7fff20209cb0, p=0x7fffb829feb0, total=269, pdu=0x7fffb827d9d0) at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:455
#6 0x00000000005bf6ba in TcpReassembler::_flush_to_seq (this=0x7fff20209cb0, bytes=269, p=0x7fffb829feb0, pkt_flags=64) at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:619
#7 0x00000000005bfb0b in TcpReassembler::flush_to_seq (this=0x7fff20209cb0, bytes=269, p=0x7fffb829feb0, pkt_flags=64) at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:707
#8 0x00000000005bffaf in TcpReassembler::flush_stream (this=0x7fff20209cb0, p=0x7fffb829feb0, dir=64, final_flush=true) at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:810
#9 0x00000000005c0023 in TcpReassembler::final_flush (this=0x7fff20209cb0, p=0x7fffb829feb0, dir=64) at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:821
#10 0x00000000005c0310 in TcpReassembler::flush_queued_segments (this=0x7fff20209cb0, flow=0x7fff8a633320, clear=true, p=0x7fffb829feb0) at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:874
#11 0x00000000005a983d in TcpSession::clear_session (this=0x7fff20209880, free_flow_data=true, flush_segments=true, restart=false, p=0x7fffb829feb0) at /usr/local/src/snort3/src/stream/tcp/tcp_session.cc:146
#12 0x00000000005ac07f in TcpSession::cleanup_session_if_expired (this=0x7fff20209880, p=0x7fffb829feb0) at /usr/local/src/snort3/src/stream/tcp/tcp_session.cc:1007
#13 0x00000000005ac0d1 in TcpSession::precheck (this=0x7fff20209880, p=0x7fffb829feb0) at /usr/local/src/snort3/src/stream/tcp/tcp_session.cc:1018
#14 0x000000000060f90a in FlowControl::process (this=0x7fffb854e6f0, flow=0x7fff8a633320, p=0x7fffb829feb0) at /usr/local/src/snort3/src/flow/flow_control.cc:410
---Type <return> to continue, or q <return> to quit---
#15 0x00000000006101c6 in FlowControl::process_tcp (this=0x7fffb854e6f0, p=0x7fffb829feb0) at /usr/local/src/snort3/src/flow/flow_control.cc:616
#16 0x000000000059e90e in StreamBase::eval (this=0x135e180, p=0x7fffb829feb0) at /usr/local/src/snort3/src/stream/base/stream_base.cc:234
#17 0x00000000004a00e4 in execute (p=0x7fffb829feb0, prep=0x149fcc0, num=1) at /usr/local/src/snort3/src/managers/inspector_manager.cc:878
#18 0x00000000004a039f in InspectorManager::execute (p=0x7fffb829feb0) at /usr/local/src/snort3/src/managers/inspector_manager.cc:935
#19 0x0000000000621413 in DetectionEngine::inspect (p=0x7fffb829feb0) at /usr/local/src/snort3/src/detection/detection_engine.cc:344
#20 0x00000000004d592d in Snort::process_packet (p=0x7fffb829feb0, pkthdr=0x7fffeb18f310, pkt=0x7fffe43ca042 "T\242t\357\031yP=\345;\177\277\201", is_frag=false) at /usr/local/src/snort3/src/main/snort.cc:872
#21 0x00000000004d5c9d in Snort::packet_callback (pkthdr=0x7fffeb18f310, pkt=0x7fffe43ca042 "T\242t\357\031yP=\345;\177\277\201") at /usr/local/src/snort3/src/main/snort.cc:975
#22 0x000000000069a4b1 in pcap_process_loop (user=0x7fffb8000a50 "\300\b", pkth=<optimized out>, data=0x7fffe43ca042 "T\242t\357\031yP=\345;\177\277\201") at daq_pcap.c:376
#23 0x00007ffff797b99e in pcap_handle_packet_mmap () from /lib64/libpcap.so.1
#24 0x00007ffff797fb11 in pcap_read_linux_mmap_v2 () from /lib64/libpcap.so.1
#25 0x000000000069a5db in pcap_daq_acquire (handle=0x7fffb8000a50, cnt=0, callback=<optimized out>, metaback=<optimized out>, user=<optimized out>) at daq_pcap.c:394
#26 0x0000000000670888 in SFDAQInstance::acquire (this=0x7fffb8000980, max=0, callback=0x4d5b82 <Snort::packet_callback(void*, _daq_pkthdr const*, unsigned char const*)>) at /usr/local/src/snort3/src/packet_io/sfdaq.cc:513
#27 0x00000000004c1f5c in Analyzer::analyze (this=0x1551040) at /usr/local/src/snort3/src/main/analyzer.cc:161
#28 0x00000000004c1d50 in Analyzer::operator() (this=0x1551040, ps=0x1553f60, run_num=11) at /usr/local/src/snort3/src/main/analyzer.cc:99
#29 0x000000000049e174 in std::__invoke<Analyzer<Swapper*, unsigned short> > (__f=...) at /usr/include/c++/4.8.2/functional:234
#30 0x000000000049e113 in std::reference_wrapper<Analyzer>::operator()<Swapper*, unsigned short>(Swapper*&&, unsigned short&&) const (this=0x1553d40) at /usr/include/c++/4.8.2/functional:467
---Type <return> to continue, or q <return> to quit---
#31 0x000000000049e077 in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) (this=0x1553d30) at /usr/include/c++/4.8.2/functional:1732
#32 0x000000000049df2f in std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)>::operator()() ( this=0x1553d30) at /usr/include/c++/4.8.2/functional:1720
#33 0x000000000049dec8 in std::thread::_Impl<std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned short)> >::_M_run() (this=0x1553d18) at /usr/include/c++/4.8.2/thread:115
#34 0x00007ffff61472b0 in ?? () from /lib64/libstdc++.so.6
#35 0x00007ffff7349e25 in start_thread () from /lib64/libpthread.so.0
#36 0x00007ffff58af34d in clone () from /lib64/libc.so.6

If there is any additional information I can provide, please say so!

Thank you for your attention,
Best regards,