[Snort-devel] [ snort-Bugs-458644 ] Segfault in FlushStream

noreply at ...12... noreply at ...12...
Thu Oct 25 20:33:19 EDT 2001


Bugs item #458644, was opened at 2001-09-05 02:06
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=458644&group_id=3357

Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Martin Roesch (roesch)
Summary: Segfault in FlushStream

Initial Comment:
Hi,

We have been running snort on a busy network for 
about a month, and it segfaults and dies fairly 
randomly, about once every hour or two. One stack 
trace I captured was:

Program received signal SIGSEGV, Segmentation fault.
0x42424238 in ?? ()
(gdb) bt
#0  0x42424238 in ?? ()
#1  0x08073c65 in FlushStream (s=0x80d2d88, 
p=0xbffff75c, direction=0)
    at spp_stream4.c:2499
#2  0x080722a6 in ReassembleStream4 (p=0xbffff75c) at 
spp_stream4.c:1084
#3  0x08054ac3 in Preprocess (p=0xbffff75c) at 
rules.c:3427
#4  0x0804a8dc in ProcessPacket (user=0x0, 
pkthdr=0xbffffc04, pkt=0x80cddca "")
    at snort.c:512
#5  0x08075522 in pcap_read ()
#6  0x08075d23 in pcap_loop ()
#7  0x0804bb93 in InterfaceThread (arg=0x0) at 
snort.c:1441
#8  0x0804a7d8 in main (argc=15, argv=0xbffffd84) at 
snort.c:445
#9  0x4007ed4c in __libc_start_main (main=0x804a200 
<main>, argc=15...

As you can see, the top frame's address is completely 
bogus, and looks worryingly like a buffer overflow on 
the stack. This looks like it might be a bug in 
stream4. Any ideas?

Cheers, Chris.


----------------------------------------------------------------------

>Comment By: Martin Roesch (roesch)
Date: 2001-10-25 20:27

Message:
Logged In: YES 
user_id=18573

No response for two weeks, I'll assume that build 84 did the
trick.


----------------------------------------------------------------------

Comment By: Martin Roesch (roesch)
Date: 2001-10-15 19:17

Message:
Logged In: YES 
user_id=18573

Ok, some fixes have been committed, please check out build
84 from CVS or grab snort-current.tar.gz from snort.org and
see if that fixes the problem.

    -Marty

----------------------------------------------------------------------

Comment By: Martin Roesch (roesch)
Date: 2001-09-27 23:02

Message:
Logged In: YES 
user_id=18573

Hi there,

Your message doesn't give us enough information about your
situation to make an accurate diagnosis.  Please read the BUGS
file and send us the information outlined in that file so that we
can help you.  Thanks.


----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=458644&group_id=3357




More information about the Snort-devel mailing list