[Snort-devel] Re: segfault with 1.8.5 Build 103+104

Roland von Herget rherget at ...1240...
Tue Apr 9 02:14:09 EDT 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


for the archive:

works fine with 1.8.6

Greetings,

Roland

On Mon, 8 Apr 2002, Roland von Herget wrote:
> while trying to upgrade my snort 1.8.3 (Build 88) to snort 1.8.5 I got a
> segfault:
>
> After playing a bit with my snort.conf I found this as minimal config file
> to trigger the segfault:
> ------------------------------------------------------------------
> var EXTERNAL_NET any
> var SMTP [10.0.0.0/24]
> var HTTP_SERVERS [10.0.0.0/24,10.0.1.1/32]
> #var HTTP_SERVERS [10.0.0.0/24]
> #var HTTP_SERVERS [10.0.0.0/16,10.0.1.1/32]
>
> alert tcp $HTTP_SERVERS 80 -> $EXTERNAL_NET any (msg:"x";)
> alert tcp $SMTP 25 -> $EXTERNAL_NET any (msg:"y";)
> ------------------------------------------------------------------
>
> If you try one of the commented (#) HTTP_SERVERS it works;
> If $SMTP and $HTTP_SERVERS include exactly the same IP range/address
> _and_ one of them include a second IP range/address it segfaults...
>
> here is how I started snort and what gdb says:
> ------------------------------------------------------------------
> # ./snort.1.8.5.cvs -T -c snort.conf
> Log directory = /var/log/snort
>
> Initializing Network Interface eth0
>
>         --== Initializing Snort ==--
> Decoding 'ANY' on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Initializating Output Plugins!
> Parsing Rules file snort.conf
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Segmentation fault (core dumped)
> ------------------------------------------------------------------
> # gdb ./snort.1.8.5.cvs core
> GNU gdb 5.0
> [...]
> (gdb) where
> #0  0x8057737 in TestHeader (rule=0x80d5210, rtn=0xbfffd234) at rules.c:2977
> #1  0x805567a in ProcessHeadNode (test_node=0xbfffd234, list=0x80b0f58, protocol=6)
>     at rules.c:846
> #2  0x80554e6 in ParseRule (rule_file=0x80d4b38,
>     prule=0xbffff32c "alert tcp $SMTP 25 -> $EXTERNAL_NET any
> (msg:\"y\";)", inclevel=0)
>     at rules.c:700
> #3  0x8054d3c in ParseRulesFile (file=0x80af5e4 "x", inclevel=0) at rules.c:198
> #4  0x804ab34 in main (argc=4, argv=0xbffff844) at snort.c:335
> #5  0x400b1baf in __libc_start_main () from /lib/libc.so.6
> ------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8srDJTyqg9LmJhHMRAuS7AJ48cRDvYjLd/4CAEMjl1eGj9s0z/gCgt5Gk
CKlZYKKHJblhDgccIMLV+Pw=
=3rtQ
-----END PGP SIGNATURE-----






More information about the Snort-devel mailing list