[Snort-openappid] snort segmentation fault

Costas Kleopa (ckleopa) ckleopa at ...5...
Wed Apr 23 10:34:18 EDT 2014


Thank you for the info. We verified this is a known issue and we will include the fix for this in the next release.

From: Сергей Малинкин <malinkinsa at ...8...>
Date: Wednesday, April 23, 2014 at 8:41 AM
To: ckleopa <ckleopa at ...5...>
Subject: Re: [Snort-openappid] snort segmentation fault

Hello.
I launched Snort in gdb.
Results:

Program received signal SIGSEGV, Segmentation fault.
0x080e2bee in StatelessInspection (p=0x871ab60, Session=0x8b15ec0, hsd=0x0,
    stream_ins=1) at hi_client.c:3064
3064            if (hsd->log_state)
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.132.el6.i686 libgcc-4.4.7-4.el6.i686 libpcap-1.4.0-1.20130826git2dbcaa1.el6.i686 pcre-7.8-6.el6.i686 zlib-1.2.3-29.el6.i686


(gdb) bt
#0  0x080e2bee in StatelessInspection (p=0x871ab60, Session=0x8b15ec0,
    hsd=0x0, stream_ins=1) at hi_client.c:3064
#1  0x080c7425 in SnortHttpInspect (GlobalConf=0x8f06098, p=0x871ab60)
    at snort_httpinspect.c:3564
#2  0x080c1063 in HttpInspect (p=0x871ab60, context=0x0)
    at spp_httpinspect.c:210
#3  0x0807f831 in Preprocess (p=0x871ab60) at detect.c:177
#4  0x080734f0 in ProcessPacket (p=0x871ab60, pkthdr=0xbffff580,
    pkt=0x96edf346 "\214\347H\037׆", ft=0x0) at snort.c:1856
#5  0x08074e2e in PacketCallback (user=0x0, pkthdr=0xbffff580,
    pkt=0x96edf346 "\214\347H\037׆") at snort.c:1693
#6  0x08127228 in afpacket_daq_acquire (handle=0xd4b3720, cnt=0,
    callback=0x8074c70 <PacketCallback>, metaback=0, user=0x0)
    at daq_afpacket.c:845
#7  0x080906db in DAQ_Acquire (max=0, callback=0x8074c70 <PacketCallback>,
    user=0x0) at sfdaq.c:541
#8  0x08078bc8 in PacketLoop (argc=14, argv=0xbffff714) at snort.c:3184
#9  SnortMain (argc=14, argv=0xbffff714) at snort.c:896
#10 0x08079106 in main (argc=14, argv=0xbffff714) at snort.c:803


(gdb) info registers
eax            0x0      0
ecx            0x0      0
edx            0x8fe8210        150897168
ebx            0x8b15ec0        145841856
esp            0xbfffeff0       0xbfffeff0
ebp            0xbffff218       0xbffff218
esi            0x871ab60        141667168
edi            0x0      0
eip            0x80e2bee        0x80e2bee <StatelessInspection+2718>
eflags         0x10246  [ PF ZF IF RF ]
cs             0x73     115
ss             0x7b     123
ds             0x7b     123
es             0x7b     123
fs             0x0      0
gs             0x33     51


2014-04-23 16:17 GMT+04:00 Сергей Малинкин <malinkinsa at ...8...>:
Hello,
luajit-2.0.2

"Can you provide us with a call stack for the segfault? "
How can I do it?
thx


2014-04-23 16:01 GMT+04:00 Costas Kleopa (ckleopa) <ckleopa at ...5...>:

Can you provide us with a call stack for the segfault?

Can you also let us know what version of Lua you have installed?

Thanks,
Costas

On Apr 23, 2014, at 7:56 AM, "Сергей Малинкин" <malinkinsa at ...8...> wrote:

Hello.
I installed Snort + OpenAppID using this manual: http://blog.snort.org/2014/03/openappid-install-video.html
But I use CentOS 6.5.
And now Snort works for a while and then falls to a segmentation fault.
Reassembly brought nothing, could it be the fact that I use CentOS?
Thx
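
Added triage example (not part of the original thread and not Snort project code): this Python sketch parses gdb `bt` output like the trace above and reports which arguments of the crashing frame are null and dereferenced on the faulting source line. The function names are hypothetical; the sample input is the first three frames and the faulting line copied from this thread.

```python
import re

# First three frames and the faulting source line, copied from the gdb
# session in this thread (remaining frames omitted for brevity).
SAMPLE_BT = """\
#0  0x080e2bee in StatelessInspection (p=0x871ab60, Session=0x8b15ec0,
    hsd=0x0, stream_ins=1) at hi_client.c:3064
#1  0x080c7425 in SnortHttpInspect (GlobalConf=0x8f06098, p=0x871ab60)
    at snort_httpinspect.c:3564
#2  0x080c1063 in HttpInspect (p=0x871ab60, context=0x0)
    at spp_httpinspect.c:210
"""
FAULT_LINE = "3064            if (hsd->log_state)"

# A frame may wrap over several lines, so match across newlines (re.S).
FRAME_RE = re.compile(
    r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*?)\)\s+at (\S+):(\d+)", re.S)
NULL_RE = re.compile(r"0x0+|0")

def parse_frames(bt):
    """Return one dict per frame: number, function, arguments, file, line."""
    frames = []
    for num, func, args, src, line in FRAME_RE.findall(bt):
        argmap = {}
        for item in re.split(r",\s*", " ".join(args.split())):
            if "=" in item:
                name, value = item.split("=", 1)
                argmap[name] = value
        frames.append({"n": int(num), "func": func, "args": argmap,
                       "file": src, "line": int(line)})
    return frames

def null_args(frames):
    """Map frame number -> names of arguments whose value is a null pointer."""
    found = {}
    for f in frames:
        names = [n for n, v in f["args"].items() if NULL_RE.fullmatch(v)]
        if names:
            found[f["n"]] = names
    return found

def null_deref_suspects(frames, fault_line):
    """Null arguments of the crashing frame that the faulting line dereferences."""
    crashing = frames[0]
    return [n for n in null_args([crashing]).get(crashing["n"], [])
            if re.search(rf"\b{re.escape(n)}\s*(->|\[)", fault_line)]

if __name__ == "__main__":
    frames = parse_frames(SAMPLE_BT)
    print(null_args(frames), null_deref_suspects(frames, FAULT_LINE))
```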