[Snort-users] Segfault on fun funny rule

Jason Monroe "JC" monroe at ...5738...
Wed Feb 25 20:36:05 EST 2004

Hello Everybody,

Downloaded 2.1.1, built it against Fedora Core 1,
pcre 4.4

[root at ...11312... root]# gcc -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/3.3.2/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--disable-checking --with-system-zlib --enable-__cxa_atexit
Thread model: posix
gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1)

Have a rule in local.rules that causes breakage:

alert tcp any any -> any any (msg:"Telnet login as

I mistakenly typed a ":" instead of "," between the flow statement.

When I correct the rule, snort is able to init correctly :)
(the glass is half full)

[root at ...11312... root]# /opt/snort/bin/snort -T -v -c /etc/snort/snort.conf
.... sparing details

telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Segmentation fault

I looked at the FAQ, which said DO GDB, so here it is:
[root at ...11312... root]# gdb snort
GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
welcome to change it and/or distribute copies of it under certain
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
This GDB was configured as "i386-redhat-linux-gnu"...Using host
libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run snort -T -v -c /etc/snort/snort.conf
Starting program: /opt/snort/bin/snort snort -T -v -c
Running in IDS mode
Log directory = /var/log/snort
Initializing Network Interface eth0
ERROR: OpenPcap() FSM compilation failed:
        syntax error
PCAP command: snort
Fatal Error, Quitting..
Program exited with code 01.
(gdb) where
No stack.
(gdb) bt
No stack.

