[Snort-devel] BUG

Eric Lauzon eric.lauzon at ...1967...
Sun May 4 20:49:16 EDT 2003


Whats happening here is kinda wierd
i get all sort of errors message also



$uname -a
OpenBSD xxx.xxxx.xxxx 3.3 GENERIC#0 i386
$snort-2.0.0/src/snort -l bb -i em1 -c ./snort-2.0.0/rules/snort.conf
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
database: compiled support for ( postgresql )
database: configured to use postgresql
database:          user = csc2
database: database name = above01
database:          host = 10.1.0.107
database: password is set
database:   sensor name = ussd_dell20_test
database:     sensor id = 133
database: postgresql_error: ERROR:  Attribute "last_cid" not found

database: postgresql_error: ERROR:  Relation "sensor" has no column
"last_cid"

database: inconsistent cid information for sid=133
          Recovering by rolling forward the cid=23
database: schema version = 106
database: using the "alert" facility
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1823 Snort rules read...
1823 Option Chains linked into 232 Chain Headers
Version 2.0.0 (Build 72)
By Martin Roesch (roesch at ...402..., www.snort.org)

snort in free(): warning: chunk is already free.
database: postgresql_error: ERROR:  Bad timestamp external representation ''

snort in free(): warning: chunk is already free.
snort in free(): warning: chunk is already free.
snort in free(): warning: chunk is already free.
database: postgresql_error: ERROR:  Bad timestamp external representation ''

Memory fault (core dumped)
$gdb -c snort.core snort-2.0.0/src/sort
(gdb) bt
#0  0x4011bb0a in strrchr ()
#1  0x4015a060 in _GLOBAL_OFFSET_TABLE_ ()
#2  0x4011bbe5 in strrchr ()
#3  0x4011bef5 in strrchr ()
#4  0x4011c54b in malloc ()
#5  0x401480f0 in calloc ()
#6  0x1c3f6 in fasthex (xdata=0x1d8ef4 "$D\r\003\005xö\002", length=785) at
plugbase.c:1648
#7  0x10540 in mSearch (buf=0x1d8ef4 "$D\r\003\005xö\002", blen=785,
    ptrn=0x448320 "\023À\034¦\023À\034¦\023À\034¦\023À\034¦", plen=16,
skip=0x449c00, shift=0x443c80)
    at mstring.c:496
#8  0x47824 in uniSearchReal (data=0x1d8ef4 "$D\r\003\005xö\002", dlen=785,
pmd=0x443c40, nocase=0)
    at sp_pattern_match.c:360
#9  0x4722d in uniSearch (data=0x1d8ef4 "$D\r\003\005xö\002", dlen=785,
pmd=0x443c40) at sp_pattern_match.c:199
#10 0x49bec in CheckANDPatternMatch (p=0xcfbfd3c8, otn_idx=0x44b200,
fp_list=0x44a3d0) at sp_pattern_match.c:1225
#11 0x2e797 in fpEvalOTN (List=0x44b200, p=0xcfbfd3c8) at fpdetect.c:414
#12 0x2eacc in fpEvalRTNSW (rtn=0x416b80, otn=0x44b200, p=0xcfbfd3c8,
check_ports=1) at fpdetect.c:574
#13 0x2eb58 in otnx_match (id=13262224, index=57, data=0x82ba4) at
fpdetect.c:622
#14 0x309e2 in mwmSearchExNoBC (ps=0xc76800, Tx=0x82cbc
"$D\r\003\005Xö\002", n=785,
    Tc=0x1d8ef4 "$D\r\003\005xö\002", match=0x2eae4 <otnx_match>,
data=0x82ba4) at mwm.c:908
#15 0x3198b in mwmSearch (pv=0xc76800, T=0x1d8ef4 "$D\r\003\005xö\002",
n=785, match=0x2eae4 <otnx_match>,
    data=0x82ba4) at mwm.c:1402
#16 0x320bb in mpseSearch (pv=0xc78c80, T=0x1d8ef4 "$D\r\003\005xö\002",
n=785, action=0x2eae4 <otnx_match>,
    data=0x82ba4) at mpse.c:219
#17 0x2f112 in fpEvalHeaderSW (port_group=0x724d80, p=0xcfbfd3c8,
check_ports=1) at fpdetect.c:943
#18 0x2f4be in fpEvalHeaderTcp (p=0xcfbfd3c8) at fpdetect.c:1132
#19 0x2f744 in fpEvalPacket (p=0xcfbfd3c8) at fpdetect.c:1288
#20 0x278fc in Detect (p=0xcfbfd3c8) at detect.c:283
#21 0x274dd in Preprocess (p=0xcfbfd3c8) at detect.c:104
#22 0x1d22b in ProcessPacket (user=0x0, pkthdr=0x1d8eac, pkt=0x1d8ebe "") at
snort.c:624
#23 0x400982d1 in pcap_read ()
#24 0x4009892f in pcap_loop ()
#25 0x1ffa0 in InterfaceThread (arg=0x0) at snort.c:1547
#26 0x1d08d in SnortMain (argc=7, argv=0xcfbfd9a8) at snort.c:560
#27 0x1c5f7 in main (argc=7, argv=0xcfbfd9a8) at snort.c:180


Eric Lauzon
Analyste en sécurite informatique
eric.lauzon at ...1967...
\0x42\0x49\0x4e\0x46
-----------------------------
1919,boul Lionel-Bertrand
Bureau 203
Boisbriand(Québec)
J7H 1N8
-----------------------------





More information about the Snort-devel mailing list