[Snort-devel] Snort crashes with "config order"

Terry Luedtke LuedtkT at ...1517...
Mon Aug 5 19:49:03 EDT 2002


Andrew,
 
Oh. You're right, I just had "config order" in my file. From the
documentation
 
  order 
      Change the pass order of rules ( snort -o ) 
 
I thought it was just a flag like the -o. Didn't realize I could
specify any order I wanted. I added the rest of the line and snort runs
fine. 

Thanks,
Terry Luedtke

>>> "Andrew R. Baker" <andrewb at ...835...> 01-Aug-02 10:01:22 >>>
Terry Luedtke wrote:
> Hi,
>
> We just built snort 1.8.7. When we use the configuration line "config
> order", the program crashes. I've tested this with a rules file that
> contains nothing but the order directive and it still crashes.

What do you have for that config line?  Looking at the backtrace below,
I would say nothing.  You are *supposed* to list something after it in
the config file (ie:  "config order: pass alert log").  Regardless, I
will fix this in the 1.9 branch.

-A

> We are running Solaris 9 (we were running a previous version of snort,
> 1.7.?, on an older version of Solaris and it exhibited the same problem,
> I just ignored it then). I've included the backtrace below.
>
> Program terminated with signal 11, Segmentation Fault.
> ...
> #0  0x2a9e8 in OrderRuleLists (order=0x131bd8 "") at rules.c:4971
> 4971                if( node == NULL )
> (gdb) bt
> #0  0x2a9e8 in OrderRuleLists (order=0x131bd8 "") at rules.c:4971
> #1  0x35d44 in ParseConfig (rule=0xffbfd548 "config order") at parser.c:250
> #2  0x267d4 in ParseRule (rule_file=0x8c000, prule=0xffbff678 "config order",
>     inclevel=0) at rules.c:564
> #3  0x262c8 in ParseRulesFile (file=0x8b000 "", inclevel=0) at rules.c:198
> #4  0x1bdf0 in main (argc=706300, argv=0xffbffb9c) at snort.c:332
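
Added example, not part of the thread and not Snort's code: a directive parser that rejects the empty argument seen in the backtrace (`order=""`) instead of passing it on to list manipulation. The names `parse_order` and `KNOWN` are hypothetical, and the accepted list names are only the three from the sample line "config order: pass alert log".

```c
#include <stdio.h>
#include <string.h>

/* Rule-list names from the example line in the thread; this set is an
   assumption, the real program may accept more. */
static const char *const KNOWN[] = { "pass", "alert", "log" };
#define NKNOWN (sizeof KNOWN / sizeof KNOWN[0])

/* Parse the text after "config order:" into indices into KNOWN.
   Returns the number of entries written to out[], or -1 when the
   argument is NULL, empty or blank, names an unknown list, repeats a
   list, or holds more entries than cap. */
int parse_order(const char *arg, int out[], size_t cap)
{
    size_t n = 0;
    unsigned seen = 0;

    if (arg == NULL)
        return -1;
    for (;;) {
        arg += strspn(arg, " \t");           /* skip separators */
        size_t len = strcspn(arg, " \t");    /* length of next token */
        if (len == 0)
            break;                           /* reached end of string */
        size_t i;
        for (i = 0; i < NKNOWN; i++)
            if (strlen(KNOWN[i]) == len && strncmp(arg, KNOWN[i], len) == 0)
                break;
        if (i == NKNOWN || (seen & (1u << i)) || n == cap)
            return -1;                       /* unknown, duplicate, too many */
        seen |= 1u << i;
        out[n++] = (int)i;
        arg += len;
    }
    return n == 0 ? -1 : (int)n;             /* bare "config order": reject */
}

int main(void)
{
    /* Constructed sample arguments, including the empty one from the report. */
    const char *samples[] = { "pass alert log", "", "pass pass", "alert bogus" };
    int order[NKNOWN];
    for (size_t s = 0; s < sizeof samples / sizeof samples[0]; s++)
        printf("\"%s\" -> %d\n", samples[s],
               parse_order(samples[s], order, NKNOWN));
    return 0;
}
```

A caller would report a configuration error and stop when the result is -1, so a bare "config order" line produces a message rather than a crash.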





