Hosting Provided By

[Snort-devel] BUG

From: Eric Lauzon <eric.lauzon(at)abovesecurity.com>
Date: Sun May 04 2003 - 23:48:42 EDT

Whats happening here is kinda wierd
i get all sort of errors message also

$uname -a
OpenBSD xxx.xxxx.xxxx 3.3 GENERIC#0 i386 $snort-2.0.0/src/snort -l bb -i em1 -c ./snort-2.0.0/rules/snort.conf Initializing rule chains...
No arguments to frag2 directive, setting defaults to:

    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
telnet_decode arguments:

Ports to decode telnet on: 21 23 25 119 Using LOCAL time

database: compiled support for ( postgresql )
database: configured to use postgresql
database:          user = csc2
database: database name = above01
database:          host = 10.1.0.107
database: password is set
database:   sensor name = ussd_dell20_test
database:     sensor id = 133
database: postgresql_error: ERROR:  Attribute "last_cid" not found

database: postgresql_error: ERROR: Relation "sensor" has no column "last_cid"

database: inconsistent cid information for sid=133

Recovering by rolling forward the cid=23 database: schema version = 106
database: using the "alert" facility

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1823 Snort rules read...

1823 Option Chains linked into 232 Chain Headers Version 2.0.0 (Build 72)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)

snort in free(): warning: chunk is already free. database: postgresql_error: ERROR: Bad timestamp external representation ''

snort in free(): warning: chunk is already free.
snort in free(): warning: chunk is already free.
snort in free(): warning: chunk is already free.

database: postgresql_error: ERROR: Bad timestamp external representation ''

Do you need help?

Memory fault (core dumped)
$gdb -c snort.core snort-2.0.0/src/sort
(gdb) bt
#0 0x4011bb0a in strrchr ()
#1 0x4015a060 in _GLOBAL_OFFSET_TABLE_ ()
#2 0x4011bbe5 in strrchr ()
#3 0x4011bef5 in strrchr ()
#4 0x4011c54b in malloc ()
#5 0x401480f0 in calloc ()
#6 0x1c3f6 in fasthex (xdata=0x1d8ef4 "$D\r\003\005xö\002", length=785) at
plugbase.c:1648
#7 0x10540 in mSearch (buf=0x1d8ef4 "$D\r\003\005xö\002", blen=785,

ptrn=0x448320 "\023À\034¦\023À\034¦\023À\034¦\023À\034¦", plen=16, skip=0x449c00, shift=0x443c80)

at mstring.c:496
#8 0x47824 in uniSearchReal (data=0x1d8ef4 "$D\r\003\005xö\002", dlen=785,
pmd=0x443c40, nocase=0)

at sp_pattern_match.c:360
#9 0x4722d in uniSearch (data=0x1d8ef4 "$D\r\003\005xö\002", dlen=785,
pmd=0x443c40) at sp_pattern_match.c:199
#10 0x49bec in CheckANDPatternMatch (p=0xcfbfd3c8, otn_idx=0x44b200,
fp_list=0x44a3d0) at sp_pattern_match.c:1225
#11 0x2e797 in fpEvalOTN (List=0x44b200, p=0xcfbfd3c8) at fpdetect.c:414
#12 0x2eacc in fpEvalRTNSW (rtn=0x416b80, otn=0x44b200, p=0xcfbfd3c8,
check_ports=1) at fpdetect.c:574
#13 0x2eb58 in otnx_match (id=13262224, index=57, data=0x82ba4) at
fpdetect.c:622
#14 0x309e2 in mwmSearchExNoBC (ps=0xc76800, Tx=0x82cbc
"$D\r\003\005Xö\002", n=785,

Tc=0x1d8ef4 "$D\r\003\005xö\002", match=0x2eae4 <otnx_match>, data=0x82ba4) at mwm.c:908
#15 0x3198b in mwmSearch (pv=0xc76800, T=0x1d8ef4 "$D\r\003\005xö\002",
n=785, match=0x2eae4 <otnx_match>,

data=0x82ba4) at mwm.c:1402
#16 0x320bb in mpseSearch (pv=0xc78c80, T=0x1d8ef4 "$D\r\003\005xö\002",
n=785, action=0x2eae4 <otnx_match>,

data=0x82ba4) at mpse.c:219
#17 0x2f112 in fpEvalHeaderSW (port_group=0x724d80, p=0xcfbfd3c8,
check_ports=1) at fpdetect.c:943
#18 0x2f4be in fpEvalHeaderTcp (p=0xcfbfd3c8) at fpdetect.c:1132
#19 0x2f744 in fpEvalPacket (p=0xcfbfd3c8) at fpdetect.c:1288
#20 0x278fc in Detect (p=0xcfbfd3c8) at detect.c:283
#21 0x274dd in Preprocess (p=0xcfbfd3c8) at detect.c:104
#22 0x1d22b in ProcessPacket (user=0x0, pkthdr=0x1d8eac, pkt=0x1d8ebe "") at
snort.c:624
#23 0x400982d1 in pcap_read ()
#24 0x4009892f in pcap_loop ()
#25 0x1ffa0 in InterfaceThread (arg=0x0) at snort.c:1547

Eric Lauzon
Analyste en sécurite informatique
eric.lauzon@abovesecurity.com
\0x42\0x49\0x4e\0x46

1919,boul Lionel-Bertrand
Bureau 203
Boisbriand(Québec)
J7H 1N8

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Sun May 4 23:58:16 2003

Do you need more help?

This message: [ Message body ]
Next message: Derya Sezen: "[Snort-devel] http decoding"
Previous message: Brian Caswell: "[Snort-devel] new plugin targetted at speeding up snort"
In reply to Steven Rudolph: "RE: [Snort-devel] Solaris 8 crash"
Next in thread: Chris Green: "Re: [Snort-devel] BUG"
Reply: Chris Green: "Re: [Snort-devel] BUG"
Reply: Eric Lauzon: "[Snort-devel] (no subject)"
Reply: Eric Lauzon: "[Snort-devel] still having some issues here's a tissue."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:05 EDT