[Snort-devel] wee, another core :p

Martin Roesch roesch at ...402...
Tue May 8 23:14:57 EDT 2001


Turn off the rule on line 25 of policy.rules and see if the problem goes
away...

    -Marty

Storms of Perfection wrote:
> 
> GNU gdb 4.18
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB.  Type "show warranty" for details.
> This GDB was configured as "i386-unknown-freebsd"...
> Core was generated by `snort'.
> Program terminated with signal 10, Bus error.
> Reading symbols from /usr/lib/libpcap.so.2...done.
> Reading symbols from /usr/lib/libm.so.2...done.
> Reading symbols from /usr/lib/libssl.so.2...done.
> Reading symbols from /usr/lib/libcrypto.so.2...done.
> Reading symbols from /usr/lib/libc.so.5...done.
> Reading symbols from /usr/libexec/ld-elf.so.1...done.
> #0  0x2824d36b in memset () from /usr/lib/libc.so.5
> (gdb) bt
> #0  0x2824d36b in memset () from /usr/lib/libc.so.5
> #1  0xd0d4d0d0 in ?? ()
> #2  0x2824c715 in isatty () from /usr/lib/libc.so.5
> #3  0x2824ce39 in malloc () from /usr/lib/libc.so.5
> #4  0x80521ac in mSplit (
>      str=0xbfbfb1a5 "msg:\"FTP MKD  / - possible warez site\"; flags: A+;
> content:\"MKD / \"; nocase; depth: 6; classtype:bad-unknown;",
> sep=0x8078a15 ";", max_strs=64, toks=0xbfbfb0f8, meta=92 '\\') at mstring.c:122
> #5  0x8053c00 in ParseRuleOptions (
>      rule=0xbfbfb17c "alert tcp any any -> 208.141.46.0/24 21 (msg:\"FTP
> MKD  / - possible warez site\"; flags: A+; content:\"MKD / \"; nocase;
> depth: 6; classtype:bad-unknown;", rule_type=2, protocol=6) at rules.c:1672
> #6  0x805323b in ParseRule (rule_file=0x2826d490,
>      prule=0xbfbfd22c "alert tcp $EXTERNAL_NET any -> $HOME_NET 21
> (msg:\"FTP MKD  / - possible warez site\"; flags: A+; content:\"MKD / \";
> nocase; depth: 6; classtype:bad-unknown;) ", inclevel=1) at rules.c:723
> #7  0x8052abb in ParseRulesFile (file=0x8573a60 "policy.rules", inclevel=1)
> at rules.c:200
> #8  0x8052f3c in ParseRule (rule_file=0x2826d3e0, prule=0xbfbff75c "include
> policy.rules", inclevel=0) at rules.c:525
> #9  0x8052abb in ParseRulesFile (file=0x808a328 "./snort.conf", inclevel=0)
> at rules.c:200
> #10 0x804aeab in main (argc=9, argv=0xbfbffc00) at snort.c:298
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch
roesch at ...402...
http://www.sourcefire.com - http://www.snort.org



