Re: Crash using the latest build from Git

[Russ via Snort-users <snort-users () lists snort org>]

Ouch.  We're on it.  Thanks.

On 10/19/17 10:46 AM, João Soares via Snort-users wrote:
> Hello everyone,
>
> I've just updated my Snort++ build to the latest one directly from git,
> and I'm getting a crash.
>
> Here goes the version details and the backtrace:
>
>     ,,_     -*> Snort++ <*-
>    o"  )~   Version 3.0.0 (Build 239) from 2.9.8-383
>     ''''    By Martin Roesch & The Snort Team
>             http://snort.org/contact#team
>             Copyright (C) 2014-2017 Cisco and/or its affiliates. All
> rights reserved.
>             Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>             Using DAQ version 2.2.2
>             Using LuaJIT version 2.0.4
>             Using OpenSSL 1.0.2k-fips  26 Jan 2017
>             Using libpcap version 1.5.3
>             Using PCRE version 8.32 2012-11-30
>             Using ZLIB version 1.2.7
>             Using LZMA version 5.2.2
>
> snort:
> /usr/local/src/snort3/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc:362:
> virtual const StreamBuffer HttpStreamSplitter::reassemble(Flow*,
> unsigned int, unsigned int, const uint8_t*, unsigned int, uint32_t,
> unsigned int&): Assertion `(session_data->octets_expected[source_id] ==
> total) || (!session_data->strict_length[source_id] && (total <=
> session_data->octets_expected[source_id]))' failed.
>
> Program received signal SIGABRT, Aborted.
> [Switching to Thread 0x7fffeb1ff700 (LWP 14315)]
> 0x00007ffff57ec1f7 in raise () from /lib64/libc.so.6
> Missing separate debuginfos, use: debuginfo-install
> glibc-2.17-196.el7.x86_64 hwloc-libs-1.11.2-2.el7.x86_64
> libdnet-1.12-13.1.el7.x86_64 libgcc-4.8.5-16.el7.x86_64
> libpcap-1.5.3-9.el7.x86_64 libstdc++-4.8.5-16.el7.x86_64
> libtool-ltdl-2.4.2-22.el7_3.x86_64 luajit-2.0.4-3.el7.x86_64
> numactl-libs-2.0.9-6.el7_2.x86_64 openssl-libs-1.0.2k-8.el7.x86_64
> pcre-8.32-17.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
> (gdb) bt
> #0  0x00007ffff57ec1f7 in raise () from /lib64/libc.so.6
> #1  0x00007ffff57ed8e8 in abort () from /lib64/libc.so.6
> #2  0x00007ffff57e5266 in __assert_fail_base () from /lib64/libc.so.6
> #3  0x00007ffff57e5312 in __assert_fail () from /lib64/libc.so.6
> #4  0x0000000000590748 in HttpStreamSplitter::reassemble
> (this=0x7fff2020a210, flow=0x7fff8a633320, total=269,
>      data=0x7fff20b51f60 "HTTP/1.1 200 OK\r\nCache-Control:
> private\r\nContent-Type: text/html; charset=utf-8\r\nServer:
> Microsoft-IIS/7.5\r\nX-AspNet-Version: 4.0.30319\r\nX-Powered-By:
> ASP.NET\r\nDate: Thu, 19 Oct 2017 14:36:44 GMT\r\nCon"..., len=269,
> flags=768,
>      copied=@0x7fffeb18ede4: 269) at
> /usr/local/src/snort3/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc:360
> #5  0x00000000005bee94 in TcpReassembler::flush_data_segments
> (this=0x7fff20209cb0, p=0x7fffb829feb0, total=269, pdu=0x7fffb827d9d0)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:455
> #6  0x00000000005bf6ba in TcpReassembler::_flush_to_seq
> (this=0x7fff20209cb0, bytes=269, p=0x7fffb829feb0, pkt_flags=64)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:619
> #7  0x00000000005bfb0b in TcpReassembler::flush_to_seq
> (this=0x7fff20209cb0, bytes=269, p=0x7fffb829feb0, pkt_flags=64)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:707
> #8  0x00000000005bffaf in TcpReassembler::flush_stream
> (this=0x7fff20209cb0, p=0x7fffb829feb0, dir=64, final_flush=true)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:810
> #9  0x00000000005c0023 in TcpReassembler::final_flush
> (this=0x7fff20209cb0, p=0x7fffb829feb0, dir=64)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:821
> #10 0x00000000005c0310 in TcpReassembler::flush_queued_segments
> (this=0x7fff20209cb0, flow=0x7fff8a633320, clear=true,
>      p=0x7fffb829feb0) at
> /usr/local/src/snort3/src/stream/tcp/tcp_reassembler.cc:874
> #11 0x00000000005a983d in TcpSession::clear_session
> (this=0x7fff20209880, free_flow_data=true, flush_segments=true,
> restart=false,
>      p=0x7fffb829feb0) at
> /usr/local/src/snort3/src/stream/tcp/tcp_session.cc:146
> #12 0x00000000005ac07f in TcpSession::cleanup_session_if_expired
> (this=0x7fff20209880, p=0x7fffb829feb0)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_session.cc:1007
> #13 0x00000000005ac0d1 in TcpSession::precheck (this=0x7fff20209880,
> p=0x7fffb829feb0)
>      at /usr/local/src/snort3/src/stream/tcp/tcp_session.cc:1018
> #14 0x000000000060f90a in FlowControl::process (this=0x7fffb854e6f0,
> flow=0x7fff8a633320, p=0x7fffb829feb0)
>      at /usr/local/src/snort3/src/flow/flow_control.cc:410
> ---Type <return> to continue, or q <return> to quit---
> #15 0x00000000006101c6 in FlowControl::process_tcp (this=0x7fffb854e6f0,
> p=0x7fffb829feb0)
>      at /usr/local/src/snort3/src/flow/flow_control.cc:616
> #16 0x000000000059e90e in StreamBase::eval (this=0x135e180,
> p=0x7fffb829feb0)
>      at /usr/local/src/snort3/src/stream/base/stream_base.cc:234
> #17 0x00000000004a00e4 in execute (p=0x7fffb829feb0, prep=0x149fcc0, num=1)
>      at /usr/local/src/snort3/src/managers/inspector_manager.cc:878
> #18 0x00000000004a039f in InspectorManager::execute (p=0x7fffb829feb0)
>      at /usr/local/src/snort3/src/managers/inspector_manager.cc:935
> #19 0x0000000000621413 in DetectionEngine::inspect (p=0x7fffb829feb0) at
> /usr/local/src/snort3/src/detection/detection_engine.cc:344
> #20 0x00000000004d592d in Snort::process_packet (p=0x7fffb829feb0,
> pkthdr=0x7fffeb18f310,
>      pkt=0x7fffe43ca042 "T\242t\357\031yP=\345;\177\277\201",
> is_frag=false) at /usr/local/src/snort3/src/main/snort.cc:872
> #21 0x00000000004d5c9d in Snort::packet_callback (pkthdr=0x7fffeb18f310,
> pkt=0x7fffe43ca042 "T\242t\357\031yP=\345;\177\277\201")
>      at /usr/local/src/snort3/src/main/snort.cc:975
> #22 0x000000000069a4b1 in pcap_process_loop (user=0x7fffb8000a50
> "\300\b", pkth=<optimized out>,
>      data=0x7fffe43ca042 "T\242t\357\031yP=\345;\177\277\201") at
> daq_pcap.c:376
> #23 0x00007ffff797b99e in pcap_handle_packet_mmap () from
> /lib64/libpcap.so.1
> #24 0x00007ffff797fb11 in pcap_read_linux_mmap_v2 () from
> /lib64/libpcap.so.1
> #25 0x000000000069a5db in pcap_daq_acquire (handle=0x7fffb8000a50,
> cnt=0, callback=<optimized out>, metaback=<optimized out>,
>      user=<optimized out>) at daq_pcap.c:394
> #26 0x0000000000670888 in SFDAQInstance::acquire (this=0x7fffb8000980,
> max=0,
>      callback=0x4d5b82 <Snort::packet_callback(void*, _daq_pkthdr const*,
> unsigned char const*)>)
>      at /usr/local/src/snort3/src/packet_io/sfdaq.cc:513
> #27 0x00000000004c1f5c in Analyzer::analyze (this=0x1551040) at
> /usr/local/src/snort3/src/main/analyzer.cc:161
> #28 0x00000000004c1d50 in Analyzer::operator() (this=0x1551040,
> ps=0x1553f60, run_num=11)
>      at /usr/local/src/snort3/src/main/analyzer.cc:99
> #29 0x000000000049e174 in std::__invoke<Analyzer<Swapper*, unsigned
> short> > (__f=...) at /usr/include/c++/4.8.2/functional:234
> #30 0x000000000049e113 in
> std::reference_wrapper<Analyzer>::operator()<Swapper*, unsigned
> short>(Swapper*&&, unsigned short&&) const
>      (this=0x1553d40) at /usr/include/c++/4.8.2/functional:467
> ---Type <return> to continue, or q <return> to quit---
> #31 0x000000000049e077 in
> std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned
> short)>::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>)
> (this=0x1553d30) at /usr/include/c++/4.8.2/functional:1732
> #32 0x000000000049df2f in
> std::_Bind_simple<std::reference_wrapper<Analyzer> (Swapper*, unsigned
> short)>::operator()() (
>      this=0x1553d30) at /usr/include/c++/4.8.2/functional:1720
> #33 0x000000000049dec8 in
> std::thread::_Impl<std::_Bind_simple<std::reference_wrapper<Analyzer>
> (Swapper*, unsigned short)> >::_M_run() (this=0x1553d18) at
> /usr/include/c++/4.8.2/thread:115
> #34 0x00007ffff61472b0 in ?? () from /lib64/libstdc++.so.6
> #35 0x00007ffff7349e25 in start_thread () from /lib64/libpthread.so.0
> #36 0x00007ffff58af34d in clone () from /lib64/libc.so.6
>
> If there is any additional information I can provide, please say so!
>
> Thank you for your attention,
>
> Best regards,

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!