[Snort-devel] Cored Dump - Solaris 2.6 snort 1.9

Gercken, Bill Mr SIGNAL bill.gercken at ...1416...
Thu Jun 13 10:58:06 EDT 2002


Hi, 

I am trying to run the current development version of snort (1.9-dev build 158) under
Solaris 2.6 in packet capture mode and I get the core dump shown below.

Command line such as: snort -l . -b 

Running the same version under Linux works, but I get messages in syslog such as:

Jun 13 10:28:49 ispro snort: LOG: (null)
Jun 13 10:28:53 ispro last message repeated 2 times
... 

Any ideas?

Regards,
-bill

==

gercken at ...1417... $ gdb snort
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
(gdb) run -b
Starting program: /home/bgercken/snort/src/snort -b
Initializing Output Plugins!
Log directory = /var/log/snort

Initializing Network Interface hme0

        --== Initializing Snort ==--
Decoding Ethernet on interface hme0

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.9-dev (Build 158)
By Martin Roesch (roesch at ...402..., www.snort.org)
LOG:
Program received signal SIGSEGV, Segmentation fault.
0xef5a4704 in strlen ()
(gdb) where
#0  0xef5a4704 in strlen ()
#1  0xef5da99c in _doprnt ()
#2  0xef5e3c18 in vfprintf ()
#3  0x29e50 in ErrorMessage (format=0xeffff370 "") at util.c:537
#4  0x326dc in LogTcpdump (p=0xeffff468, msg=0x0, arg=0x13f5c0, event=0x0)
    at spo_log_tcpdump.c:255
#5  0x2b948 in CallLogPlugins (p=0xeffff468, message=0x0, args=0x0, event=0x0)
    at detect.c:211
#6  0x2601c in ProcessPacket (user=0x0, pkthdr=0xeffff968,
    pkt=0x141f32 "ÿÿÿÿÿÿ") at snort.c:560
#7  0x46368 in pcap_read ()
#8  0x47490 in pcap_loop ()
#9  0x27610 in InterfaceThread (arg=0xba018) at snort.c:1606
#10 0x25efc in SnortMain (argc=2, argv=0xeffffc04) at snort.c:511
#11 0x25808 in main (argc=2, argv=0xeffffc04) at snort.c:95
(gdb) up
#1  0xef5da99c in _doprnt ()
(gdb) up
#2  0xef5e3c18 in vfprintf ()
(gdb) up
#3  0x29e50 in ErrorMessage (format=0xeffff370 "") at util.c:537
537             vfprintf(stderr, format, ap);
(gdb) print *ap
Attempt to dereference a generic pointer.
(gdb) print (char*) ap
$1 = 0xef62afac ""

(gdb) up
#4  0x326dc in LogTcpdump (p=0xeffff468, msg=0x0, arg=0x13f5c0, event=0x0)
    at spo_log_tcpdump.c:255
255             ErrorMessage("LOG: %s\n", msg);
(gdb) up
#5  0x2b948 in CallLogPlugins (p=0xeffff468, message=0x0, args=0x0, event=0x0)
    at detect.c:211
211             idx->func(p, message, idx->arg, event);
(gdb)
(gdb) print *p
$2 = {pkth = 0xeffff968, pkt = 0x141f32 "ÿÿÿÿÿÿ", fddihdr = 0x0,
  fddisaps = 0x0, fddisna = 0x0, fddiiparp = 0x0, fddiother = 0x0, trh = 0x0,
  trhllc = 0x0, trhmr = 0x0, sllh = 0x0, pfh = 0x0, eh = 0x141f32, vh = 0x0,
  ehllc = 0x0, ehllcother = 0x0, wifih = 0x0, ah = 0x141f40, eplh = 0x0,
  eaph = 0x0, eaptype = 0x0, eapolk = 0x0, iph = 0x0, orig_iph = 0x0,
  ip_options_len = 0, ip_options_data = 0x0, tcph = 0x0, orig_tcph = 0x0,
  tcp_options_len = 0, tcp_options_data = 0x0, udph = 0x0, orig_udph = 0x0,
  icmph = 0x0, orig_icmph = 0x0, ext = 0x0, data = 0x0, dsize = 0,
  frag_flag = 0 '\000', frag_offset = 0, mf = 0 '\000', df = 0 '\000',
  rf = 0 '\000', sp = 0, dp = 0, orig_sp = 0, orig_dp = 0, caplen = 0,
  uri_count = 0 '\000', ssnptr = 0x0, state = 0x0, ip_options = {{
      code = 0 '\000', len = 0, data = 0x0} <repeats 40 times>},
  ip_option_count = 0, ip_lastopt_bad = 0 '\000', tcp_options = {{
      code = 0 '\000', len = 0, data = 0x0} <repeats 40 times>},
  tcp_option_count = 0, tcp_lastopt_bad = 0 '\000', csum_flags = 0 '\000',
  packet_flags = 2147483648}

(gdb) print message
$5 = 0x0
(gdb) print idx->arg
$6 = (void *) 0x13f5c0
(gdb) print *idx->arg
Attempt to dereference a generic pointer.
(gdb) print (char*) idx->arg
$7 = 0x13f5c0 ""
(gdb) print *idx
$8 = {func = 0x32678 <LogTcpdump>, arg = 0x13f5c0, next = 0x0}
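
Added example, not part of the original post and not Snort's code: frame #4 above is entered with msg=0x0 and passes it to a "%s" conversion, which crashes in strlen() on Solaris and prints "(null)" on Linux. The sketch below guards that case at the call site; format_message(), log_line() and the placeholder text are hypothetical names chosen for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger like the ErrorMessage()
 * in frame #3. It formats into a caller buffer so the result can be checked. */
static int format_message(char *out, size_t outlen, const char *format, ...)
{
    va_list ap;
    int n;

    if (out == NULL || outlen == 0 || format == NULL)
        return -1;
    va_start(ap, format);
    n = vsnprintf(out, outlen, format, ap);
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    return n; /* length needed; a value >= outlen means the line was truncated */
}

/* Hypothetical stand-in for the call site in frame #4, which the trace
 * shows being entered with msg=0x0. */
static int log_line(char *out, size_t outlen, const char *msg)
{
    /* Passing NULL to a %s conversion is undefined behaviour in C. glibc
     * prints "(null)"; a libc that calls strlen() on the pointer crashes. */
    if (msg == NULL)
        msg = "<no message>"; /* placeholder text chosen for this example */
    return format_message(out, outlen, "LOG: %s\n", msg);
}

int main(void)
{
    char line[64];

    log_line(line, sizeof line, NULL);     /* the case from the backtrace */
    fputs(line, stdout);
    log_line(line, sizeof line, "constructed sample message");
    fputs(line, stdout);
    return 0;
}
```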





