[Snort-users] Weird fragmentation plugin error

Achim Gsell a at ...1898...
Wed Apr 25 05:32:56 EDT 2001


On Tuesday 24 April 2001 20:58, Martin Roesch wrote:
> I think this is a memory alignment problem, I'm going to fiddle with
> this code and get rid of the inlined preprocessor comparison code.  I've
> seen some other crashes here before but it never seems to be for any
> sort of valid reason.
>
>
>     -Marty
>
> Wozz wrote:
> > On Fri, Apr 20, 2001 at 03:34:21PM -0600, Wozz wrote:
> >
> > Just happened again, same problems
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x19c0a in fragcompare (i=0x3e800, j=0x3e800) at spp_defrag.c:171
> > 171         if(SADDR(i) > SADDR(j))
> > (gdb) bt
> > #0  0x19c0a in fragcompare (i=0x3e800, j=0x3e800) at spp_defrag.c:171
> > #1  0x19d9a in fragsplay (i=0x3e800, t=0x7c5e0) at spp_defrag.c:244
> > #2  0x19f6d in fragdelete (i=0x3e800, t=0x7c5e0) at spp_defrag.c:378
> > #3  0x1a5ac in ReassembleIP (froot=0x7c5e0) at spp_defrag.c:737
> > #4  0x1a8e4 in PreprocDefrag (p=0xdfbfd59c) at spp_defrag.c:910
> > #5  0xe824 in Preprocess (p=0xdfbfd59c) at rules.c:3016
> > #6  0x1ff5 in ProcessPacket (user=0x0, pkthdr=0x53e0c,
> >     pkt=0x53e1e "\002`R(\200") at snort.c:463
> > #7  0x4004f151 in pcap_read ()
> > #8  0x400605a7 in pcap_loop ()
> > #9  0x3ee9 in InterfaceThread (arg=0x0) at snort.c:1278
> > #10 0x1ee2 in main (argc=12, argv=0xdfbfdae0) at snort.c:397
> > (gdb)
> >

I think this is the same problem I discussed with Fyodor last week in 
[snort-devel]. There was some error in memory allocation/releasing 
(referencing memory after freeing it!). The error was fixed in the CVS 
repository on April 20th for version 1.8beta3. To fix the problem in version 
1.7 you can replace "spp_defrag.c" with the fixed file from the CVS 
repository.

Achim



