[Snort-users] Weird fragmentation plugin error

Wozz wozz+snort at ...471...
Sat Apr 21 07:38:00 EDT 2001


On Fri, Apr 20, 2001 at 03:34:21PM -0600, Wozz wrote:
> On Thu, Apr 19, 2001 at 12:30:03AM -0400, Martin Roesch wrote:
> > 
> > Ouch. :)  Here's a quick fix (these messages shouldn't be logged as
> > alerts anyway, they should be log messages).  I hope you aren't
> > replacing Snort 100% with Dragon, we've got some fun stuff coming up...
> > :)
> > 
> 
> I spoke too soon (or perhaps found another bug.  Same system (With your patch) is
> now crashing in what seems to be a different area of the defrag plugin.  Here's the
> backtrace
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x19c0a in fragcompare (i=0x62b800, j=0x62b800) at spp_defrag.c:171
> 171         if(SADDR(i) > SADDR(j))
> (gdb) bt
> #0  0x19c0a in fragcompare (i=0x62b800, j=0x62b800) at spp_defrag.c:171
> #1  0x19d9a in fragsplay (i=0x62b800, t=0x5560b0) at spp_defrag.c:244
> #2  0x19f6d in fragdelete (i=0x62b800, t=0x5560b0) at spp_defrag.c:378
> #3  0x1a9ba in PreprocDefrag (p=0xdfbfd5b0) at spp_defrag.c:939
> #4  0xe824 in Preprocess (p=0xdfbfd5b0) at rules.c:3016
> #5  0x1ff5 in ProcessPacket (user=0x0, pkthdr=0x58084, 
>     pkt=0x58096 "\002`R(\200") at snort.c:463
> #6  0x4004f151 in pcap_read ()
> #7  0x400605a7 in pcap_loop ()
> #8  0x3ee9 in InterfaceThread (arg=0x0) at snort.c:1278
> #9  0x1ee2 in main (argc=12, argv=0xdfbfdaf4) at snort.c:397
> (gdb) 
> 

Just happenned again, same problems

Program received signal SIGSEGV, Segmentation fault.
0x19c0a in fragcompare (i=0x3e800, j=0x3e800) at spp_defrag.c:171
171         if(SADDR(i) > SADDR(j))
(gdb) bt
#0  0x19c0a in fragcompare (i=0x3e800, j=0x3e800) at spp_defrag.c:171
#1  0x19d9a in fragsplay (i=0x3e800, t=0x7c5e0) at spp_defrag.c:244
#2  0x19f6d in fragdelete (i=0x3e800, t=0x7c5e0) at spp_defrag.c:378
#3  0x1a5ac in ReassembleIP (froot=0x7c5e0) at spp_defrag.c:737
#4  0x1a8e4 in PreprocDefrag (p=0xdfbfd59c) at spp_defrag.c:910
#5  0xe824 in Preprocess (p=0xdfbfd59c) at rules.c:3016
#6  0x1ff5 in ProcessPacket (user=0x0, pkthdr=0x53e0c, 
    pkt=0x53e1e "\002`R(\200") at snort.c:463
#7  0x4004f151 in pcap_read ()
#8  0x400605a7 in pcap_loop ()
#9  0x3ee9 in InterfaceThread (arg=0x0) at snort.c:1278
#10 0x1ee2 in main (argc=12, argv=0xdfbfdae0) at snort.c:397
(gdb) 





More information about the Snort-users mailing list