[Snort-users] Snort SEGV in TCP Stream Reassembler

H D Moore hdm at ...1714...
Mon Apr 2 14:16:14 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(gdb) r -c snort.conf -u snort -g snort
Starting program: /usr/local/bin/snort -c snort.conf -u snort -g snort
 
 
        --== Initializing Snort ==--
 
Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
 
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = xxxxx
database: database name = xxxxxxx
database:          host = xxxxxxxxx
database: password is set
database:   sensor name = x.x.x.x
database:     sensor id = 1
database: using the "log" facility
792 Snort rules read...
792 Option Chains linked into 123 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
 
Rule application order: ->activation->dynamic->alert->log->pass
 
        --== Initialization Complete ==--
 
- -*> Snort! <*-
Version 1.7
By Martin Roesch (roesch at ...66..., www.snort.org)
 
 
[!] WARNING: TCP stream reassembler, Server Bytes in Buffer > Buffer Size 
(49276 > 48504)
Program received signal SIGSEGV, Segmentation fault.
0x1d74a7 in memcpy (dstpp=0x0, srcpp=0x8106acc, len=163)
    at ../sysdeps/generic/memcpy.c:55
55      ../sysdeps/generic/memcpy.c: No such file or directory.
(gdb)
(gdb)
(gdb)
(gdb) bt
#0  0x1d74a7 in memcpy (dstpp=0x0, srcpp=0x8106acc, len=163)
    at ../sysdeps/generic/memcpy.c:55
#1  0x806392b in TcpStreamPacket (p=0xbfffee08) at spp_tcp_stream.c:530
#2  0x80542df in Preprocess (p=0xbfffee08) at rules.c:3016
#3  0x804abd1 in ProcessPacket (user=0x0, pkthdr=0xbffff288, pkt=0x8106a8a "")
    at snort.c:463
#4  0x806dd8c in pcap_read ()
#5  0x806e3ac in pcap_loop ()
#6  0x804bd03 in InterfaceThread (arg=0x0) at snort.c:1278
#7  0x804aab3 in main (argc=7, argv=0xbffff3f4) at snort.c:397
(gdb)
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBOsjB7jwRvqMPEDLhEQKrlgCePNmpC0L4hzPiCbErZJ9QFF8nVyUAoN7v
Y+9dpOLZOPVI7fDwnRSFhY2D
=R1w+
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list