[Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue

Peyman Gohari peyman.gohari.pub at ...8...
Wed Aug 13 14:52:57 EDT 2014


Hi Costas

  Here are the requested details: it is a debian (wheezy) running on a
Beagle Bone Black.
   - processor: AM335x 1GHz ARM® Cortex-A8
   - memory: 512MB DDR3 RAM + I have added a swap file of 512MB
running from 4GB 8-bit eMMC on-board flash storage

  Some more details:
root at ...40...:~# uname -a
Linux beaglebone 3.8.13-bone47 #1 SMP Fri Apr 11 01:36:09 UTC 2014
armv7l GNU/Linux

root at ...40...:~# more /proc/version
Linux version 3.8.13-bone47 (root at ...41...) (gcc version
4.6.3 (Debian 4.6.3-14) ) #1 SMP Fri Apr 11 01:36:09 UTC 2014

root at ...40...:~# lscpu
Architecture:          armv7l
Byte Order:            Little Endian
CPU(s):                1
On-line CPU(s) list:   0
Thread(s) per core:    1
Core(s) per socket:    1
Socket(s):             1

  Thanks
Peyman

On Wed, Aug 13, 2014 at 10:46 PM, Costas Kleopa (ckleopa)
<ckleopa at ...5...> wrote:
> Peyman,
>
> Can you confirm the exact OS, and memory you are using to test this?
>
> Thanks
> Costas
>
>
> From: Peyman Gohari <peyman.gohari.pub at ...8...>
> Date: Tuesday, August 12, 2014 at 8:32 PM
> To: "snort-openappid at lists.sourceforge.net"
> <snort-openappid at lists.sourceforge.net>
> Subject: [Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue
>
> Hi
>
>   I am running snort-2.9.7.0_beta with openappid on an ARM7 platform.
>   u2streamer fails with the following message:
>
>    u2streamer --path=/var/log/snort --name=appstats-unified.log  Looking
> with timestamp: 0
> *** glibc detected *** u2streamer: free(): invalid next size (normal):
> 0x000140f0 ***
> Aborted
>
>   Having a look at the code shows that the malloc in u2streamer.c may be the
> source of the issue:
>
> static int ParseCommandLine(int argc, char *argv[])
> {
> ...
>  case 'n':
>                 config.name = malloc(strlen(optarg))+2;
> ...
>
>   Having increased the memory allocated by the malloc prevents the crash,
> but I am still not getting any log added to /var/log/auth.log
>
>   What am I missing?
>
> Thanks!
> PG




More information about the Snort-openappid mailing list