[Snort-devel] another snort-1.8-RELEASE core

Jason A. Haynes jahaynes at ...502...
Tue Jul 17 01:12:35 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Hartmut Prochaska <hartmut.prochaska at ...224...> also pointed this out to me.
I wasn't reading the code closely there.  Oops.

To be sure, I checked and there's nothing in configure, *.in or even *.c
*.h to compete with the system's alloc() library.  The binaries I've
compiled under Linux show calloc as a text symbol being picked up by
GLIBC; this is good.  Is it possible though that Solaris 8 or other
platforms have a broken calloc()?  Mike reported "fixing" this: from
crashes every 3 minutes to 3+ hours with no crash -- see bottom quoted
text.

Oh well, you're probably right that it's getting stomped on from
elsewhere.  Even if it correlates to particular platforms, that means
they share pointer arithmetic & allocation patterns as well as alloc()
implementations.

Sorry for the knee-jerk patch reaction.

Jason

On Mon, 16 Jul 2001, Martin Roesch wrote:

> Hi guys,
>      Something else is getting hammered in there, those pointers are
> initialized to NULL in the calloc above the rest of the code, something
> is stomping the pointers hard.  I'm working on a fix, hopefully I'll
> have something put together shortly.
> 
>      -Marty
> 
> "Jason A. Haynes" wrote:
> > I'd say that's a good call, Mike; saw a couple crashes reported on
> > snort-users about that assertion too.  Here's a patch against the current
> > cvs which I think NULLs out the remaining two cases, including the one you
> > found.
> > 
> > On Wed, 11 Jul 2001, Michael Anderson wrote:
> > 
> > > I took a look at the code and found that snort crashed while trying to
> > > do the following in rules.c line 3426:
> > > assert(idx->func != NULL);
> > >
> > > idx is a pointer to the list PreprocessFuncNode. idx is set to point to
> > > the global list PreprocessList (a list containing all of the
> > > preprocessor functions). The list is then traversed to call each
> > > preprocessor function. It appears that at some point while traversing
> > > the list, the func attribute is NULL causing the assertion to fail. I
> > > added the following line to the AddFuncToPreprocList in rules.c after
> > > line number 1370:
> > > idx->next = NULL;
> > >
> > > I'm assuming the crash was caused because pointers are not being
> > > initialized to NULL and at some point snort is accessing random memory
> > > while trying to read the list.  I've had snort up and running for 3
> > > hours since I made this change.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBO1PJRrLjQl4gvHqLEQLtqwCfSE85yyif6iudUgDfj1+MpEOut1gAn15L
Yv+drq1FXsY93fsZ0E+/eCde
=rT0l
-----END PGP SIGNATURE-----
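The list handling discussed in this thread, as an added example (not Snort's code and not from any poster): it shows that a calloc()-allocated node already ends the list, and a traversal that reports a node with a NULL func instead of aborting on the assertion. The struct layout and the names add_func_to_list, run_list and demo_preproc are assumptions; only the func and next field names come from the thread.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical reconstruction: field names follow the thread, layout is assumed. */
typedef struct PreprocessFuncNode {
    void (*func)(void *pkt);
    struct PreprocessFuncNode *next;
} PreprocessFuncNode;

static int calls;                       /* counts invocations for the demo */
static void demo_preproc(void *pkt) { (void)pkt; calls++; }

/* Append a node. calloc() zero-fills, so next is already a null pointer on
 * mainstream platforms; the explicit store stays correct under malloc() too. */
int add_func_to_list(PreprocessFuncNode **head, void (*func)(void *))
{
    PreprocessFuncNode *node, **tail = head;

    if (head == NULL || func == NULL)
        return -1;                      /* never link a node without a callback */
    node = calloc(1, sizeof(*node));
    if (node == NULL)
        return -1;
    node->func = func;
    node->next = NULL;
    while (*tail != NULL)               /* walk to the end of the list */
        tail = &(*tail)->next;
    *tail = node;
    return 0;
}

/* Call every function in order. Returns the number called, or -1 at the first
 * node whose func is NULL (the condition the assertion in the thread trips on). */
int run_list(PreprocessFuncNode *head, void *pkt)
{
    int n = 0;
    for (PreprocessFuncNode *idx = head; idx != NULL; idx = idx->next) {
        if (idx->func == NULL)
            return -1;                  /* node was overwritten after insertion */
        idx->func(pkt);
        n++;
    }
    return n;
}

int main(void) {
    PreprocessFuncNode *list = NULL;
    add_func_to_list(&list, demo_preproc);
    add_func_to_list(&list, demo_preproc);
    printf("called %d preprocessors\n", run_list(list, NULL));
    return 0;
}
```

Returning an error from the walk only changes how the corruption surfaces; whatever overwrites the node still has to be found.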




