Snort mailing list archives

Re: Snort ver 1.8.4-beta2 gives bus error.....

From: Chris Green <cmg () uab edu>
Date: Tue, 26 Feb 2002 06:57:15 -0600

"PAD HOSMANE" <phosmane () apollo fedworld gov> writes:

Hi,
  I compiled snort 1.8.4-beta2 on HP-UX 11.00 (with GCC 3.0.1). I ran
configure with follwoing options


Ok, thanks for trying to compile ( and rereporting your bug, I had
meant to ask about it earlier ).  I don't have experience with solving
alignment problems but the only way I can think to solve it right now
(and ones like it) is to create a union thats the size of the full
type and assign both fields directly into it.

What's happening is snort is trying to copy a u_int8_t into a field
that's 4 bits long.

Hrm is this HP-UX little endian or big endian?  I assume big but I
would have thought it failed on the stream_pkt->iph->ip_hlen
assignment instead.

stream_pkt->iph->ip_ver = stream_pkt->iph->ip_ver & 0x4

#0  0x7c46c in InitStream4Pkt () at spp_stream4.c:2916
2916        stream_pkt->iph->ip_ver   = 0x4;
(gdb) where
#0  0x7c46c in InitStream4Pkt () at spp_stream4.c:2916
#1  0x75438 in Stream4Init (args=0x40058d00 "detect_scans") at
spp_stream4.c:587
#2  0x29fc0 in ParsePreprocessor (rule=0x7f7f0f38 "preprocessor stream4:
detect_scans") at rules.c:1327
#3  0x28cfc in ParseRule (rule_file=0x7f7d9d30, prule=0x7f7f0a30
"preprocessor stream4: detect_scans", inclevel=0) at rules.c:539
#4  0x28388 in ParseRulesFile (file=0x400349a4 "/etc/snort.conf",
inclevel=0) at rules.c:198
#5  0x1bc64 in ReadConfFile () at snort.c:3316
#6  0x14b98 in main (argc=5, argv=0x7f7f0764) at snort.c:189


Any help is greatly appreciated.

Thanks



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-- 
Chris Green <cmg () uab edu>
A good pun is its own reword.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 25)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 26)
  - RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 26)
    - Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 26)
    - 1.8.1 -> 1.8.3 DB Mike Arrison (Feb 26)
- Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 27)
  - RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
    - RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
  - RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 27)
    - Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 27)
    - RE: Snort ver 1.8.4-beta2 gives bus error..... PAD HOSMANE (Feb 28)
    - Re: Snort ver 1.8.4-beta2 gives bus error..... Chris Green (Feb 28)

(Thread continues...)