[Snort-devel] [BUG][Stream5]: SIGSEGV in Stream5 TCP, TcpSessionCleanup at snort_stream5_tcp.c:4624

Joshua.Kinard at ...3108... Joshua.Kinard at ...3108...
Fri Oct 7 20:46:13 EDT 2011


-----Original Message-----
From: Russ Combs [mailto:rcombs at ...402...] 
Sent: Friday, October 07, 2011 8:29 AM
Subject: Re: [Snort-devel] [BUG][Stream5]: SIGSEGV in Stream5 TCP,
TcpSessionCleanup at snort_stream5_tcp.c:4624

>> On Fri, Oct 7, 2011 at 7:20 AM, Russ Combs <rcombs at ...402...>
wrote:
>>
>>	Hey Joshua,
>>	
>>	Thanks for reporting this problem.  I am unable to reproduce it
with my Ubuntu gcc 4.4.3.
>
> No segfault with Fedora gcc 4.5.1 either. 
>
>	Can you also send your ./configure and command lines?
>
> I'm configuring via snort.conf and running with snort -c test.conf -r
2009-04-21-07-47-35.dmp  -A cmg. 

Hi Russ,

Minus --prefix and some of the --with-* overrides (because I am building
this as an unprivileged user and have compiled the needed libraries in
my home folder), this is my configure line:

./configure --enable-ipv6 --enable-zlib --enable-gre --enable-mpls
--enable-decoder-preprocessor-rules --enable-pthread --enable-debug-msgs
--enable-debug --enable-react --enable-flexresp3 --enable-normalizer
--enable-perfprofiling

My command line is this:

snort -c local.rules -k none -A console --pcap-dir <dir>/ -q

On a whim, I just tested using -r <pcap>, and that does not trigger the
SIGSEGV.  It does happen if you use --pcap-dir and have the referenced
PCAP file in the target directory PLUS this SCTP sample from WireShark's
Sample Captures:
http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=view&targe
t=sctp-addip.cap

Also, using --enable-sourcefire causes this SIGSEGV to disappear.  What
is that configure flag doing, exactly?


Thanks!,

--J




More information about the Snort-devel mailing list