[Snort-users] Re: [snort] SEGV in snort 1.6.2.2

Martin Roesch roesch at ...1...
Wed Jul 19 02:45:11 EDT 2000


It looks like the rule parser is choking on something.  Did you define your
$HOME_NET variable?  What rules are you running?

Jason Oakley wrote:
> 
> At 11:10 19/07/2000, you wrote:
> >can you type `where' in your gdb so we could see stack traceback too? :-)
> Sure!
> 
> This GDB was configured as "sparc-sun-solaris2.7"...
> Core was generated by `snort -A full -c sn.lb -D -g nobody -h
> 129.78.154.0/24 -l /var/log/snort -u nob'.
> Program terminated with signal 11, Segmentation Fault.
> Reading symbols from /usr/lib/libsocket.so.1...done.
> Reading symbols from /usr/lib/libnsl.so.1...done.
> Reading symbols from /usr/lib/libc.so.1...done.
> Reading symbols from /usr/lib/libdl.so.1...done.
> Reading symbols from /usr/lib/libmp.so.2...done.
> Reading symbols from /usr/platform/SUNW,Ultra-250/lib/libc_psr.so.1...done.
> Reading symbols from /usr/lib/nss_files.so.1...done.
> #0  0xff1b71a4 in strncmp () from /usr/lib/libc.so.1
> (gdb) where
> #0  0xff1b71a4 in strncmp () from /usr/lib/libc.so.1
> #1  0x1fedc in ParseIP (paddr=0x0, ip_addr=0x56808, netmask=0x5680c) at
> rules.c:1550
> #2  0x24ca0 in CreateServerList (servers=0x67750 "") at spp_portscan.c:1466
> #3  0x24bec in PortscanIgnoreHostsInit (args=0x673b8 "") at spp_portscan.c:1417
> #4  0x1f42c in ParsePreprocessor (rule=0x56fd8 "") at rules.c:907
> #5  0x1ec08 in ParseRule (prule=0x5 <Address 0x5 out of bounds>,
> inclevel=0) at rules.c:272
> #6  0x1eaac in ParseRulesFile (file=0x57528 "sn.lb", inclevel=0) at rules.c:121
> #7  0x183a0 in main (argc=16, argv=0xffbefc74) at snort.c:182
> 
> =:)
> -------------------- )O( ---------------------
> Jason     Oakley  Computer   Systems   Officer
> Pharmacy Faculty  University     of     Sydney
> Phone  9351 5647  http://www.pharm.usyd.edu.au
> 
> Split a piece of wood and you will find me
> Lift a rock and I am there.
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch                      <roesch at ...2...>
Core R&D                         http://www.hiverworld.com
Hiverworld, Inc.       Continuous Adaptive Risk Management




More information about the Snort-users mailing list