[Snort-devel] segfault with 1.8.5 Build 103+104

Roland von Herget rherget at ...1240...
Mon Apr 8 05:50:07 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

while trying to upgrade my snort 1.8.3 (Build 88) to snort 1.8.5 I got a
segfault:

After playing a bit with my snort.conf I found this as minimal config file
to trigger the segfault:
- ------------------------------------------------------------------
var EXTERNAL_NET any
var SMTP [10.0.0.0/24]
var HTTP_SERVERS [10.0.0.0/24,10.0.1.1/32]
#var HTTP_SERVERS [10.0.0.0/24]
#var HTTP_SERVERS [10.0.0.0/16,10.0.1.1/32]

alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any (msg:"x";)
alert tcp $SMTP 25 -> $EXTERNAL_NET any (msg:"y";)
- ------------------------------------------------------------------

If you try one of the commented (#) HTTP_SERVERS it works;
If $SMTP and $HTTP_SERVERS include exactly the same IP range/address
_and_ one of them include a second IP range/address it segfaults...

here is how I started snort and what gdb says:
- ------------------------------------------------------------------
# ./snort.1.8.5.cvs -T -c snort.conf
Log directory = /var/log/snort

Initializing Network Interface eth0

        --== Initializing Snort ==--
Decoding 'ANY' on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Segmentation fault (core dumped)
- ------------------------------------------------------------------
# gdb ./snort.1.8.5.cvs core
GNU gdb 5.0
[...]
(gdb) where
#0  0x8057737 in TestHeader (rule=0x80d5210, rtn=0xbfffd234) at rules.c:2977
#1  0x805567a in ProcessHeadNode (test_node=0xbfffd234, list=0x80b0f58, protocol=6)
    at rules.c:846
#2  0x80554e6 in ParseRule (rule_file=0x80d4b38,
    prule=0xbffff32c "alert tcp $SMTP 25 -> $EXTERNAL_NET any
(msg:\"y\";)", inclevel=0)
    at rules.c:700
#3  0x8054d3c in ParseRulesFile (file=0x80af5e4 "x", inclevel=0) at rules.c:198
#4  0x804ab34 in main (argc=4, argv=0xbffff844) at snort.c:335
#5  0x400b1baf in __libc_start_main () from /lib/libc.so.6
- ------------------------------------------------------------------


so, is this a bug or is the problem between keyboard and chair ?


Greetings,

Roland
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8sZHHTyqg9LmJhHMRAhvBAKCvmwugQ+wcFD2ZmQhtW/2b54Mi/wCgm6bI
xkYWr+Xvh8FVqkHES1O6W78=
=cNjC
-----END PGP SIGNATURE-----






More information about the Snort-devel mailing list