[Snort-devel] Coredump in TCP Stream Reassembly

Christopher Cramer cec at ...56...
Mon Dec 4 11:40:55 EST 2000


Does this happen immediately after starting snort, or just periodically?

I don't think this is an alignment problem since we are working here with
u_char buffers.  It seems to be an issue with not having enough data in
the dynamically allocated buffers.  From gdb, can you "print *sptr" and
send me the results?

Thanks,
Chris


On Mon, 4 Dec 2000, Erich Meier wrote:

> Hi!
> 
> The latest CVS version dumped core on my SPARC Solaris. It appears to be within
> the TCP stream reassembly:
> 
> # gdb /local/snort/bin/snort ./core
> Program terminated with signal 11, Segmentation fault.
> #0  0x2ed84 in TcpStreamPacket (p=0xeffff2a8) at spp_tcp_stream.c:355
> 355                     if (sptr->s_buf[i-1] == 0xa || sptr->s_buf[i-1] == 0xd)
> (gdb) bt
> #0  0x2ed84 in TcpStreamPacket (p=0xeffff2a8) at spp_tcp_stream.c:355
> #1  0x216c0 in Preprocess (p=0xeffff2a8) at rules.c:2958
> #2  0x17f84 in ProcessPacket (user=0x0, pkthdr=0xeffff758, pkt=0x6635a "")
>     at snort.c:455
> #3  0x3047c in pcap_read ()
> #4  0x31190 in pcap_loop ()
> #5  0x18f8c in InterfaceThread (arg=0x61028) at snort.c:1252
> #6  0x17e38 in main (argc=0, argv=0xeffff944) at snort.c:392
> (gdb) print i
> $1 = 512
> 
> Seems to be a typical SPARC alignment problem.
> 
> Erich
> -- 
> Erich Meier                              Erich.Meier at ...2...
>                                  http://www4.informatik.uni-erlangen.de/~meier/
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel
> 




More information about the Snort-devel mailing list