[Snort-users] Weird fragmentation plugin error

Wozz wozz+snort at ...471...
Fri Apr 20 17:34:21 EDT 2001

On Thu, Apr 19, 2001 at 12:30:03AM -0400, Martin Roesch wrote:
> Ouch. :)  Here's a quick fix (these messages shouldn't be logged as
> alerts anyway, they should be log messages).  I hope you aren't
> replacing Snort 100% with Dragon, we've got some fun stuff coming up...
> :)

I spoke too soon (or perhaps found another bug.  Same system (With your patch) is
now crashing in what seems to be a different area of the defrag plugin.  Here's the

Program received signal SIGSEGV, Segmentation fault.
0x19c0a in fragcompare (i=0x62b800, j=0x62b800) at spp_defrag.c:171
171         if(SADDR(i) > SADDR(j))
(gdb) bt
#0  0x19c0a in fragcompare (i=0x62b800, j=0x62b800) at spp_defrag.c:171
#1  0x19d9a in fragsplay (i=0x62b800, t=0x5560b0) at spp_defrag.c:244
#2  0x19f6d in fragdelete (i=0x62b800, t=0x5560b0) at spp_defrag.c:378
#3  0x1a9ba in PreprocDefrag (p=0xdfbfd5b0) at spp_defrag.c:939
#4  0xe824 in Preprocess (p=0xdfbfd5b0) at rules.c:3016
#5  0x1ff5 in ProcessPacket (user=0x0, pkthdr=0x58084, 
    pkt=0x58096 "\002`R(\200") at snort.c:463
#6  0x4004f151 in pcap_read ()
#7  0x400605a7 in pcap_loop ()
#8  0x3ee9 in InterfaceThread (arg=0x0) at snort.c:1278
#9  0x1ee2 in main (argc=12, argv=0xdfbfdaf4) at snort.c:397

Any thoughts?

