[Snort-devel] [ snort-Bugs-496508 ] Snort 1.8.3 crash in mSearchCI

noreply at ...12... noreply at ...12...
Sun Jan 6 21:44:03 EST 2002


Bugs item #496508, was opened at 2001-12-24 08:45
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=496508&group_id=3357

Category: None
Group: None
>Status: Closed
>Resolution: Accepted
Priority: 5
Submitted By: Bob Fillmore (fillmore)
>Assigned to: Martin Roesch (roesch)
Summary: Snort 1.8.3 crash in mSearchCI

Initial Comment:
Snort 1.8.3 crashed on Red Hat Linux 7.1 with full rule set on 30mbps Internet link:

[root at ...1036... rules]# gdb ../snort-1.8.3/snort core
GNU gdb 5.0rh-5 Red Hat Linux 7.1
Copyright 2001 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `/home/fillmore/snort/snort-1.8.3/snort -i eth0 -l /disk2/
snortlogs -c snort.con'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/i686/libm.so.6...done.
Loaded symbols for /lib/i686/libm.so.6
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib/i686/libc.so.6...done.
Loaded symbols for /lib/i686/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  mSearchCI (buf=0x401b8070 "", blen=65532, ptrn=0x824ed60 "+++ATH", plen=6,
    skip=0x824fbc8, shift=0x824ed70) at mstring.c:534
534                     toupper((unsigned char) buf[--b_idx]))
(gdb) bt
#0  mSearchCI (buf=0x401b8070 "", blen=65532, ptrn=0x824ed60 "+++ATH", plen=6,
    skip=0x824fbc8, shift=0x824ed70) at mstring.c:534
#1  0x08058b2f in CheckANDPatternMatch (p=0xbffff250, otn_idx=0x824f350,
    fp_list=0x824ed90) at sp_pattern_match.c:781
#2  0x080561cf in EvalOpts (List=0x824f350, p=0xbffff250) at rules.c:4137
#3  0x08055f1a in EvalHeader (rtn_idx=0x824eac0, p=0xbffff250) at rules.c:3850
#4  0x08055ea8 in EvalPacket (List=0x809f078, mode=2, p=0xbffff250)
    at rules.c:3778
#5  0x08055d24 in Detect (p=0xbffff250) at rules.c:3671
#6  0x08055b3f in Preprocess (p=0xbffff250) at rules.c:3514
#7  0x0804aadb in ProcessPacket (user=0x0, pkthdr=0xbffff730,
    pkt=0x401b8042 "\b") at snort.c:536
#8  0x08077266 in packet_ring_recv ()
#9  0x0807758f in pcap_read ()
#10 0x0807823f in pcap_loop ()
#11 0x0804c0f3 in InterfaceThread (arg=0x0) at snort.c:1663
#12 0x0804a9ad in main (argc=7, argv=0xbffff98c) at snort.c:469
#13 0x40081177 in __libc_start_main (main=0x804a300 <main>, argc=7,
    ubp_av=0xbffff98c, init=0x8049a38 <_init>, fini=0x8081c30 <_fini>,
    rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffff97c)
    at ../sysdeps/generic/libc-start.c:129
(gdb)

----------------------------------------------------------------------

Comment By: Christopher Lea (clea)
Date: 2002-01-04 01:56

Message:
Logged In: YES 
user_id=415890

I got this error running with libpcap version .4, upgraded 
to .6 - seems to run O.K. now

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=496508&group_id=3357




More information about the Snort-devel mailing list