[Snort-devel] now a crash in spp_tcp_stream3

Todd Lewis tlewis at ...255...
Sat May 12 13:56:06 EDT 2001


Here's another crash, this time closer to what I was messing with:

-*> Snort! <*-
Version 1.8-beta5 (Build 22)
By Martin Roesch (roesch at ...16..., www.snort.org)

Program received signal SIGSEGV, Segmentation fault.
0x40074e36 in chunk_free () at malloc.c:2824
malloc.c:2824: No such file or directory. 
(gdb) backtrace
#0  0x40074e36 in chunk_free () at malloc.c:2824
#1  0x40074d01 in __cfree () at malloc.c:2684
#2  0x8071c79 in TcpStream3FillBuffer (sptr=0x8129320, buf=0x849e104 "",
    psize=447, server=0) at spp_tcp_stream3.c:1407
#3  0x8071b2e in TcpStream3Packetize (sptr=0x8129320, pb=0xbffff5e4, psize=447,
    server_packet=1) at spp_tcp_stream3.c:1328
#4  0x80710d3 in TcpStream3Packet (p=0xbffff5e4) at spp_tcp_stream3.c:633
#5  0x8055c27 in Preprocess (p=0xbffff5e4) at rules.c:3358
#6  0x804c088 in ProcessPacket (user=0x0, pkthdr=0xbffffa74, pkt=0x81283d0 "")
    at snort.c:509
#7  0x80721f2 in pcap_read_packet ()
#8  0x8072121 in pcap_read ()
#9  0x807291b in pcap_loop ()
#10 0x804d32f in InterfaceThread (arg=0x0) at snort.c:1385
#11 0x804bf64 in main (argc=3, argv=0xbffffba0) at snort.c:442
(gdb) frame 2
#2  0x8071c79 in TcpStream3FillBuffer (sptr=0x8129320, buf=0x849e104 "",
    psize=447, server=0) at spp_tcp_stream3.c:1407
1407                free(tmp->data);
(gdb) info locals
sptr = (TcpStream3Session *) 0x8129320
pdata = (TcpStream3PacketData *) 0x0
tmp = (TcpStream3PacketData *) 0x8129380
first_seq = 2237463212
index = 0
(gdb) print tmp->data
$3 = (unsigned char *) 0x84ae190 "" 

If it's any help, I've attached the patch for my mods, but I don't think
that I've done anything that could trigger this.  If someone (Marty?)
familiar with stream3 could review the patch, though, then maybe they'll
see something I'm not.

--
Todd Lewis
tlewis at ...255...
-------------- next part --------------
diff -ruN snort-stream3.orig/avl_tree.c snort-stream3/avl_tree.c
--- snort-stream3.orig/avl_tree.c	Sat May 12 12:02:56 2001
+++ snort-stream3/avl_tree.c	Sat May 12 13:19:33 2001
@@ -314,6 +314,14 @@
 
 }
 
+void walkavltree(void (*callback)(struct Node*), struct Node *start)
+{
+    if (start == NULL) return;
+    walkavltree(callback, start->left);
+	 (*callback)(start);
+    walkavltree(callback, start->right);
+}
+
 #ifdef DEBUG
 void countnodes( struct Node *start)
 {
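Review bot: `walkavltree` is added without a comment stating its contract: it visits nodes in order (left subtree, node, right subtree), recurses once per tree level, calls `callback` without checking it for NULL, and cannot tolerate a callback that inserts or deletes nodes during the walk. I would add `/* In-order walk of the subtree rooted at start; callback must be non-NULL and must not modify the tree. */` above the definition. The `(*callback)(start);` line is indented with a tab and a space where the neighbouring lines use four spaces.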
diff -ruN snort-stream3.orig/avl_tree.h snort-stream3/avl_tree.h
--- snort-stream3.orig/avl_tree.h	Sat May 12 12:02:56 2001
+++ snort-stream3/avl_tree.h	Sat May 12 13:16:09 2001
@@ -37,6 +37,7 @@
 void balanceleft(struct Node ** start);
 void balanceright(struct Node ** start);
 void countnodes(struct Node *);
+void walkavltree(void (*callback)(struct Node*), struct Node *start);
 
 #endif  /* __AVLTREE_H__  */
 
diff -ruN snort-stream3.orig/snort.c snort-stream3/snort.c
--- snort-stream3.orig/snort.c	Sat May 12 12:02:56 2001
+++ snort-stream3/snort.c	Sat May 12 13:16:09 2001
@@ -49,6 +49,11 @@
 extern OutputFuncNode *LogList;
 /*extern char *malloc_options;*/
 
+/* spp_tcp_stream3 leak detection */
+extern void leak_finder_setup(char *dump_filename);
+extern void leak_finder(int signum);
+/* end spp_tcp_stream3 leak detection */
+
 /*
  *
  * Function: main(int, char *)
@@ -77,12 +82,15 @@
 
 /*    malloc_options = "AX";*/
 
+    leak_finder_setup("./stream3_leak_finder.log");
+
     /* make this prog behave nicely when signals come along */
     signal(SIGTERM, CleanExit);
     signal(SIGINT, CleanExit);
     signal(SIGQUIT, CleanExit);
     signal(SIGHUP, CleanExit);
     signal(SIGUSR1, DropStats);
+    signal(SIGUSR2, leak_finder);
 
     /*
      * set a global ptr to the program name so other functions can tell what
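Review bot: `leak_finder_setup("./stream3_leak_finder.log")` runs unconditionally at the top of main, so every start truncates a fixed file name in the current working directory through `fopen(..., "w")`. If snort is started with elevated privileges from a directory that other users can write to, a pre-existing symlink with that name would make the process overwrite whatever it points to. I would compile this call and the `signal(SIGUSR2, leak_finder);` line only under `#ifdef DEBUG`. The setup routine should create the report with `open(path, O_WRONLY|O_CREAT|O_EXCL, 0600)` followed by `fdopen()`, using an absolute path taken from configuration. The body of main continues outside this hunk.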
diff -ruN snort-stream3.orig/spp_tcp_stream3.c snort-stream3/spp_tcp_stream3.c
--- snort-stream3.orig/spp_tcp_stream3.c	Sat May 12 12:02:57 2001
+++ snort-stream3/spp_tcp_stream3.c	Sat May 12 13:16:09 2001
@@ -68,7 +68,8 @@
 #include <sys/types.h>
 #include <sys/time.h>
 #include "spp_tcp_stream3.h"
-
+#include <sys/stat.h> /* umask for leak detection */
+#include <stdio.h>     /* fopen et al. for leak detection */
 #undef HAVE_64
 
 #define SEQ_GT(x,y)     (y - x > 0x7fffffff)
@@ -95,6 +96,51 @@
 void InitNewStream(TcpStream3Session *, Packet *, int, int);
 TcpStream3Session *NewStream(int);
 
+/* Leak finder */
+int nsession=0;
+
+static FILE* leak_finder_report;
+
+void 
+avlcallback(struct Node* n)
+{
+	TcpStream3Session* s=n->nsptr;
+
+	fprintf(leak_finder_report, "Session %i, %s\n",
+		s->nsession,
+		ctime(&(s->itime))
+	);
+}
+
+void
+leak_finder_setup(char *dump_filename)
+{
+	int oumask;
+
+	oumask=umask(022);
+
+	if((leak_finder_report=fopen(dump_filename, "w"))==NULL){
+		fprintf(stderr, "Aiee!  Can't open file \"%s\" for leak detection.  Exiting.\n", dump_filename);
+		exit(-1);
+	}
+
+	umask(oumask);
+}
+
+void
+leak_finder(int signum)
+{
+	time_t c=time(NULL);
+	fprintf(leak_finder_report, "Starting dump at: %s\n", ctime(&c));
+	fprintf(leak_finder_report, "==========================================\n");
+	walkavltree(&avlcallback, rootnode);
+	fprintf(leak_finder_report, "==========================================\n");
+	fprintf(leak_finder_report, "\n");
+	fflush(leak_finder_report);
+}
+
+/* End leak finder */
+
 /*
  * Function: SetupTcpStream3()
  *
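Review bot: `leak_finder` is installed as the SIGUSR2 handler but calls `fprintf`, `ctime` and `fflush` and walks `rootnode`, none of which is async-signal-safe. If the signal arrives while the packet path is inside malloc/free or is rebalancing the tree, the handler can corrupt the heap or follow half-updated `left`/`right` pointers. A fault inside `chunk_free` like the one in the report is a typical symptom of that class of bug, although nothing in the backtrace shows that a signal was delivered. The handler should only set a `volatile sig_atomic_t` flag, and the dump should run from the normal packet path (the call site, e.g. the top of TcpStream3Packet, is outside this hunk). Separately, `ctime()` already ends its string with a newline and can return NULL, `avlcallback` dereferences `n->nsptr` unchecked, `umask(022)` leaves the report world-readable, and `avlcallback` and `nsession` could be `static`.

```c
static volatile sig_atomic_t leak_dump_requested = 0;

void
leak_finder(int signum)
{
	(void)signum;
	leak_dump_requested = 1;	/* flag only; no stdio or tree access in signal context */
}

/* Called from the packet path when leak_dump_requested is set. */
static void
leak_finder_dump(void)
{
	time_t c = time(NULL);

	leak_dump_requested = 0;
	/* … unchanged: "Starting dump at" header, walkavltree(&avlcallback, rootnode), footer, fflush … */
}
```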
@@ -268,10 +314,12 @@
 
         for(j=0;j<num_toks;j++)
             free(toks[j]);
+			free(toks);
     }
 
     for(i=0;i<num_secs;i++)
         free(secs[i]);
+    free(secs);
 }
 
 
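Review bot: The added `free(toks);` is tab-indented as if it belonged to the `for(j=0;j<num_toks;j++)` loop, but that loop has no braces, so the call runs once after the loop. The behaviour is right, but the layout invites a mistake on the next edit; brace the loop body and put `free(toks);` at block indentation. Both new frees also assume that `toks` and `secs` are heap arrays owned by this function and released nowhere else. Their allocation is outside the hunk, so that should be confirmed, because an invalid or repeated free here would only surface later as a fault inside the allocator. The enclosing function starts outside this hunk.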
@@ -1511,6 +1559,9 @@
         FatalError("Unable to allocate new stream node, reduce your treedepth "
                    "and try again\n");
     }
+
+	 nptr->nsptr->itime=time(NULL);
+	 nptr->nsptr->nsession=nsession++;
 
     if(nptr == NULL)
         return NULL;
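Review bot: The two added assignments dereference `nptr` and `nptr->nsptr` before the existing `if(nptr == NULL) return NULL;` check directly below them, and nothing visible in the hunk shows that `nptr->nsptr` has been allocated at this point. If `nsptr` is still unset here, the writes to `itime` and `nsession` land in arbitrary memory, which would be consistent with a later fault in `chunk_free`, though the hunk alone cannot confirm it. Move the assignments below the NULL check and guard them: `if(nptr->nsptr != NULL) { nptr->nsptr->itime = time(NULL); nptr->nsptr->nsession = nsession++; }`. The function begins and ends outside this hunk.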
diff -ruN snort-stream3.orig/spp_tcp_stream3.h snort-stream3/spp_tcp_stream3.h
--- snort-stream3.orig/spp_tcp_stream3.h	Sat May 12 12:02:57 2001
+++ snort-stream3/spp_tcp_stream3.h	Sat May 12 13:16:09 2001
@@ -24,6 +24,7 @@
 
 /* $Id: spp_tcp_stream3.h,v 1.3 2001/05/11 14:40:32 roesch Exp $ */
 
+#include <time.h> /* time_t */
 #include "snort.h"
 #include "avl_tree.h"
 
@@ -87,6 +88,9 @@
     u_int32_t timestamp;  /* last access time */
 
     struct _TcpStream3Session *next;
+
+	 time_t itime;
+	 int nsession;
 } TcpStream3Session;
 
 typedef struct _TcpStream3Data

