[Snort-devel] Bug report snort 1.7

Brockhoven, Werner Werner.Brockhoven at ...208...
Wed Jan 17 07:54:57 EST 2001


> Hello,
> 
> System architecture : x86 (Pentium MMX)
> Operation System : RedHat 6.2 (kernel-2.2.14-5)
> 
> Command switch and errors follow below.
> 
> # snort -v -X -i eth0 icmp
> 
>         --== Initializing Snort ==--
> 
> Initializing Network Interface eth0
> Kernel filter, protocol ALL, raw packet socket
> Decoding Ethernet on interface eth0
> 
>         --== Initialization Complete ==--
> 
> -*> Snort! <*-
> Version 1.7
> By Martin Roesch (roesch at ...16..., www.snort.org)
> 01/17-15:45:59.082841 16.183.38.124 -> 16.183.38.122
> ICMP TTL:128 TOS:0x0 ID:43357 IpLen:20 DgmLen:1500 MF
> Frag Offset: 0x0   Frag Size: 0x5C8
> Got bogus buffer length (1514) for PrintNetData, defaulting to 16 bytes!
> 0x0000: 08 00 2B 87 04 9A 00 50 8B F7 20 9A 08 00 45 00  ..+....P.. ...E.
> 0x0010: 05 DC A9 5D 20 00 80 01 FD 5F 10 B7 26 7C 10 B7  ...] ...._..&|..
> 0x0020: 26 H at ...206...@H at ...206...@&
> 
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> 
> Segmentation fault (core dumped)
> #
> # gdb snort core
> GNU gdb 19991004
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you
> are
> welcome to change it and/or distribute copies of it under certain
> conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for
> details.
> This GDB was configured as "i386-redhat-linux"...
> Core was generated by `snort -v -X -i eth0 icmp'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libm.so.6...done.
> Reading symbols from /lib/libnsl.so.1...done.
> Reading symbols from /lib/libc.so.6...done.
> Reading symbols from /lib/ld-linux.so.2...done.
> Reading symbols from /lib/libnss_files.so.2...done.
> #0  0x400a60c4 in chunk_free (ar_ptr=0x4013ad40, p=0x8107258) at
> malloc.c:3100
> 3100	malloc.c: No such file or directory.
> (gdb) bt
> #0  0x400a60c4 in chunk_free (ar_ptr=0x4013ad40, p=0x8107258) at
> malloc.c:3100
> #1  0x400a5f9a in __libc_free (mem=0x8107260) at malloc.c:3023
> #2  0x804f10f in ClearDumpBuf () at log.c:698
> #3  0x804c20e in ProcessPacket (user=0x0, pkthdr=0xbffff8a0, 
>     pkt=0x8102bd2 "\b") at snort.c:466
> #4  0x806b5a6 in pcap_read ()
> #5  0x806bed1 in pcap_loop ()
> #6  0x804cf7e in InterfaceThread (arg=0x0) at snort.c:1278
> #7  0x804c107 in main (argc=6, argv=0xbffff9f4) at snort.c:397
> (gdb) 
> 
> Error can be triggered by doing ping -s 60000 ip.
> 
> Regards,
> 	Werner Brockhoven
> 




More information about the Snort-devel mailing list