Snort mailing list archives
Re: GDB for Snort 1.9.0beta crashes on RH7.3 after 1 attack using mysql output
From: "Roman Danyliw" <roman () danyliw com>
Date: Mon, 12 Aug 2002 13:37:06 -0400 (EDT)
Max, Sorry about my previous post, I missed your later backtrace email message. I just committed a patch to the database plugin that should fix this issue. Please give it a try and confirm that the issue has been resolved. Roman On 05 Aug 2002 19:51:03 -0500, max valdez <max () garaged homeip net> wrote :
I'm getting more insight on the new beta, I can see the alerts on text, but any time I try mysql snort crashes at the first alert log, no hints on /var/log/mysql, or messages, no error at all, only stop working (disapear on ps). I'm making a gdb trace, here it is: ---------------- Rule application order: ->activation->dynamic->alert->pass->log --== Initialization Complete ==-- -*> Snort! <*- Version 1.9.0beta1 (Build 180) By Martin Roesch (roesch () sourcefire com, www.snort.org) Program received signal SIGSEGV, Segmentation fault. 0x08056cc4 in vsnprintf (str=0x857ea08 ",1", count=8192, fmt=0x808302c ",%u", args=0xbfffee1c) at snprintf.c:114 114 DoprEnd[0] = 0; (gdb) where #0 0x08056cc4 in vsnprintf (str=0x857ea08 ",1", count=8192, fmt=0x808302c ",%u", args=0xbfffee1c) at snprintf.c:114 #1 0x08056c84 in snprintf (str=0x857ea08 ",1", count=8192, fmt=0x808302c ",%u") at snprintf.c:93 #2 0x0805f45d in Database (p=0xbfffefc0, msg=0x84d8250 "SHELLCODE x86 NOOP", arg=0x8174cb0, event=0x84d7fe0) at spo_database.c:880 #3 0x0805a0b6 in CallLogFuncs (p=0xbfffefc0, message=0x84d8250 "SHELLCODE x86 NOOP", head=0x80bf200, event=0x84d7fe0) at detect.c:179 #4 0x0805ae80 in AlertAction (p=0xbfffefc0, otn=0x84d7ea0, event=0x84d7fe0) at detect.c:1789 #5 0x0805a481 in EvalHeader (rtn_idx=0x8177598, p=0xbfffefc0, check_ports=0) at detect.c:677 #6 0x0805a369 in EvalPacket (List=0x80bf200, mode=2, p=0xbfffefc0) at detect.c:523 #7 0x0805a268 in Detect (p=0xbfffefc0) at detect.c:311 #8 0x08059f4f in Preprocess (p=0xbfffefc0) at detect.c:86 #9 0x08055110 in ProcessPacket (user=0x0, pkthdr=0xbffff480, pkt=0x8151d1a "") at snort.c:580 #10 0x080713ef in pcap_read_packet () #11 0x08072287 in pcap_loop () #12 0x080563df in InterfaceThread (arg=0x0) at snort.c:1612 #13 0x08054ffb in SnortMain (argc=5, argv=0xbffff674) at snort.c:514 #14 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 (gdb) bt #0 0x08056cc4 in vsnprintf (str=0x857ea08 ",1", count=8192, fmt=0x808302c ",%u", args=0xbfffee1c) at snprintf.c:114 #1 0x08056c84 in snprintf (str=0x857ea08 ",1", count=8192, fmt=0x808302c ",%u") at snprintf.c:93 #2 0x0805f45d in Database (p=0xbfffefc0, msg=0x84d8250 "SHELLCODE x86 NOOP", arg=0x8174cb0, event=0x84d7fe0) at spo_database.c:880 #3 0x0805a0b6 in CallLogFuncs (p=0xbfffefc0, message=0x84d8250 "SHELLCODE x86 NOOP", head=0x80bf200, event=0x84d7fe0) at detect.c:179 #4 0x0805ae80 in AlertAction (p=0xbfffefc0, otn=0x84d7ea0, event=0x84d7fe0) at detect.c:1789 #5 0x0805a481 in EvalHeader (rtn_idx=0x8177598, p=0xbfffefc0, check_ports=0) at detect.c:677 #6 0x0805a369 in EvalPacket (List=0x80bf200, mode=2, p=0xbfffefc0) at detect.c:523 #7 0x0805a268 in Detect (p=0xbfffefc0) at detect.c:311 #8 0x08059f4f in Preprocess (p=0xbfffefc0) at detect.c:86 #9 0x08055110 in ProcessPacket (user=0x0, pkthdr=0xbffff480, pkt=0x8151d1a "") at snort.c:580 #10 0x080713ef in pcap_read_packet () #11 0x08072287 in pcap_loop () #12 0x080563df in InterfaceThread (arg=0x0) at snort.c:1612 #13 0x08054ffb in SnortMain (argc=5, argv=0xbffff674) at snort.c:514 #14 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6 ---------------------------------. -- -----BEGIN GEEK CODE BLOCK----- GS/
d-s:a-C++ILIHA+++P-L++E--W++N+K-w++++O-M--V--PS+PEY+PGP-tXRtv++b+DI--D+Ge++h---r+++z+++
-----END GEEK CODE BLOCK----- ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: Dice - The leading online job board for high-tech professionals. Search and apply for tech jobs today! http://seeker.dice.com/seeker.epl?rel_code=31 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: GDB for Snort 1.9.0beta crashes on RH7.3 after 1 attack using mysql output Roman Danyliw (Aug 12)