[Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue

Peyman Gohari peyman.gohari.pub at ...8...
Thu Aug 14 07:11:36 EDT 2014


Hi

  I have installed ArchLinux on my ARM7 platform and compiled the same
version of snort.
  The error is exactly the same:

[root at ...42... odp]# u2streamer --path=/var/log/snort --name=appstats-unified.log
Looking with timestamp: 0
*** Error in `u2streamer': free(): invalid next size (normal): 0x000140f0 ***
Aborted

  Can you someone confirm that u2streamer actually works in a x86/64 platform?

Peyman

On Thu, Aug 14, 2014 at 7:50 AM, Peyman Gohari
<peyman.gohari.pub at ...8...> wrote:
> Thanks Costas for your message.
> This is the only platform I have been testing OpenAppId on.
> I am planning to install ArchLinux on my BBB to give another try. I
> will let you know the result.
>
> Regards
> PG
>
> On Thu, Aug 14, 2014 at 6:35 AM, Costas Kleopa (ckleopa)
> <ckleopa at ...5...> wrote:
>> Thank you for the update Peyman. We haven¹t tested that utility in such
>> hardware
>> so we will try and reproduce it to see what the problem is.
>>
>> Were you able to get the u2streamer to work on an Ubuntu with 4Gigs or RAM
>> or this
>> is the only version of OS/CPU you can test openappid for now?
>>
>>
>> On 8/13/14, 2:52 PM, "Peyman Gohari" <peyman.gohari.pub at ...8...> wrote:
>>
>>>Hi Costas
>>>
>>>  Here are the requested details: it is a debian (wheezy) running on a
>>>Beagle Bone Black.
>>>   - processor: AM335x 1GHz ARM® Cortex-A8
>>>   - memory: 512MB DDR3 RAM + I have added a swap file of 512MB
>>>running from 4GB 8-bit eMMC on-board flash storage
>>>
>>>  Some more details:
>>>root at ...40...:~# uname -a
>>>Linux beaglebone 3.8.13-bone47 #1 SMP Fri Apr 11 01:36:09 UTC 2014
>>>armv7l GNU/Linux
>>>
>>>root at ...40...:~# more /proc/version
>>>Linux version 3.8.13-bone47 (root at ...41...) (gcc version
>>>4.6.3 (Debian 4.6.3-14) ) #1 SMP Fri Apr 11 01:36:09 UTC 2014
>>>
>>>root at ...40...:~# lscpu
>>>Architecture:          armv7l
>>>Byte Order:            Little Endian
>>>CPU(s):                1
>>>On-line CPU(s) list:   0
>>>Thread(s) per core:    1
>>>Core(s) per socket:    1
>>>Socket(s):             1
>>>
>>>  Thanks
>>>Peyman
>>>
>>>On Wed, Aug 13, 2014 at 10:46 PM, Costas Kleopa (ckleopa)
>>><ckleopa at ...5...> wrote:
>>>> Peyman,
>>>>
>>>> Can you confirm the exact OS, and memory you are using to test this?
>>>>
>>>> Thanks
>>>> Costas
>>>>
>>>>
>>>> From: Peyman Gohari <peyman.gohari.pub at ...8...>
>>>> Date: Tuesday, August 12, 2014 at 8:32 PM
>>>> To: "snort-openappid at lists.sourceforge.net"
>>>> <snort-openappid at lists.sourceforge.net>
>>>> Subject: [Snort-openappid] snort-2.9.7.0_beta u2streamer memory issue
>>>>
>>>> Hi
>>>>
>>>>   I am running snort-2.9.7.0_beta with openappid on an ARM7 platform.
>>>>   u2streamer fails with the following message:
>>>>
>>>>    u2streamer --path=/var/log/snort --name=appstats-unified.log  Looking
>>>> with timestamp: 0
>>>> *** glibc detected *** u2streamer: free(): invalid next size (normal):
>>>> 0x000140f0 ***
>>>> Aborted
>>>>
>>>>   Having a look at the code shows that the malloc in u2streamer.c may
>>>>be the
>>>> source of the issue:
>>>>
>>>> static int ParseCommandLine(int argc, char *argv[])
>>>> {
>>>> ...
>>>>  case 'n':
>>>>                 config.name = malloc(strlen(optarg))+2;
>>>> ...
>>>>
>>>>   Having increased the memory allocated by the malloc prevents the
>>>>crash,
>>>> but I am still not getting any log added to /var/log/auth.log
>>>>
>>>>   What am I missing?
>>>>
>>>> Thanks!
>>>> PG
>>




More information about the Snort-openappid mailing list