[Snort-devel] COREdump of snort on a Dual i586 233MMX

Dennis Fleurbaaij dennis at ...856...
Wed Oct 3 04:23:04 EDT 2001


Hi,

I'm running snort on my home-firewall but it tends to coredump all over 
the place on my i386. The version in this trace here is 1.8.1-RELEASE
but the CVS version dumps even worse so I assume that the problem is not 
yet fixed.

I run snort with a postresql database.

(NOTE: the logging to the db doesn't work unless I compile snort 1.8.1 
without the -O2 option, any ideas on this one please mail me,
the CVS versing works okay though when logging though)

So I won't keep you in suspense much longer, here it is:

[root at ...857... test]# gdb -c core /software/snort-1.8.1-RELEASE/snort   
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `snort -p -c /etc/snort/snort.conf -D'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libpq.so.2...done.
Loaded symbols for /usr/lib/libpq.so.2
Reading symbols from /usr/lib/libssl.so.1...done.
Loaded symbols for /usr/lib/libssl.so.1
Reading symbols from /usr/lib/libcrypto.so.1...done.
Loaded symbols for /usr/lib/libcrypto.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.so.1...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
Reading symbols from /lib/libnss_nisplus.so.2...done.
Loaded symbols for /lib/libnss_nisplus.so.2
Reading symbols from /lib/libnss_dns.so.2...done.
Loaded symbols for /lib/libnss_dns.so.2
#0  0x08065725 in Database (p=0xbffff360,
    msg=0x80a7900 "Ethernet destination/ARP target address mismatch", 
arg=0x810cd18, event=0xbffff300)
    at spo_database.c:823
823                if(p->iph->ip_proto == IPPROTO_ICMP && p->icmph)
(gdb)


We can seen that it has something to so with the database driver ( 
spo_database.c ). The comment above that line is:

/* query = NewQueryNode(query, 0); */

Which kindof leadse me to beleave that i'm wrinting to NULL (or even 
worse a stray pointer) here. In anycase if someone who wants
to help and _CAN_ help is interested, a shell to the machine is 
available... Or if you're lazy just give me a clue to why this happens
and I'll code it myself.

Greets and tnx for the (usually) kewl software,
  - Dennis Fleurbaaij






More information about the Snort-devel mailing list