Snort mailing list archives
Re: Snort 2.9.7.0 enters into infinity loop getApplicationData
From: souber () interia pl
Date: Mon, 24 Nov 2014 11:33:18 +0100
below stack could be helpful
(gdb) bt
#0 getApplicationData (scbptr=0x7fffc4d81600, protocol=30) at spp_session.c:2741
#1 0x00000000004e467d in get_file_session (ssnptr=<optimized out>) at file_service.c:237
#2 get_main_file_context (ssnptr=<optimized out>) at file_service.c:253
#3 get_file_processed_size (ssnptr=<optimized out>) at file_service.c:868
#4 get_file_position (pkt=<optimized out>) at file_service.c:1028
#5 get_file_position (pkt=<optimized out>) at file_service.c:1015
#6 0x000000000048688e in SnortHttpInspect (GlobalConf=0x16cb410, p=0x196f6d0) at snort_httpinspect.c:4376
#7 0x00000000004805c9 in HttpInspect (p=<optimized out>, context=<optimized out>) at spp_httpinspect.c:211
#8 0x000000000043d69e in DispatchPreprocessors (policy=<optimized out>, policy_id=<optimized out>, p=0x196f6d0) at
detect.c:136
#9 Preprocess (p=0x196f6d0) at detect.c:234
#10 0x00000000004b344f in _flush_to_seq (st=0x7fffeaf4ab50, bytes=<optimized out>, p=0xe91c60, dir=64, dp=<error
reading variable: Unhandled dwarf expression opcode 0xfa>,
sp=<error reading variable: Unhandled dwarf expression opcode 0xfa>, dip=<error reading variable: Unhandled dwarf
expression opcode 0xfa>,
sip=<error reading variable: Unhandled dwarf expression opcode 0xfa>, tcpssn=<error reading variable: Unhandled
dwarf expression opcode 0xfa>) at snort_stream_tcp.c:4336
#11 0x00000000004b9951 in StreamFlushTalker (p=p@entry=0xe91c60, scb=<optimized out>) at snort_stream_tcp.c:4883
#12 0x0000000000490838 in StreamResponseFlushStream (p=0xe91c60) at spp_stream6.c:913
#13 StreamResponseFlushStream (p=0xe91c60) at spp_stream6.c:906
#14 0x0000000000492374 in freeSessionApplicationData (session=0x7fffc4d81600) at spp_session.c:1756
#15 0x00000000004be476 in ProcessTcp (scb=scb@entry=0x7fffc4d81600, p=p@entry=0xe91c60, tdb=tdb@entry=0x7fffffffdc80,
s5TcpPolicy=s5TcpPolicy@entry=0x7fffe62b7010) at snort_stream_tcp.c:8629
#16 0x00000000004c0183 in StreamProcessTcp (p=p@entry=0xe91c60, scb=scb@entry=0x7fffc4d81600,
s5TcpPolicy=0x7fffe62b7010, skey=skey@entry=0x7fffffffdd10) at snort_stream_tcp.c:5639
#17 0x000000000049016a in StreamProcess (p=0xe91c60, context=<optimized out>) at spp_stream6.c:751
#18 0x000000000043d69e in DispatchPreprocessors (policy=<optimized out>, policy_id=<optimized out>, p=0xe91c60) at
detect.c:136
#19 Preprocess (p=p@entry=0xe91c60) at detect.c:234
#20 0x00000000004317f8 in ProcessPacket (p=p@entry=0xe91c60, pkthdr=pkthdr@entry=0x7fffffffde20,
pkt=pkt@entry=0x7fffd0695676 "\252", ft=ft@entry=0x0) at snort.c:1873
#21 0x0000000000433c20 in PacketCallback (user=<optimized out>, pkthdr=0x7fffffffde20, pkt=0x7fffd0695676 "\252") at
snort.c:1717
#22 0x00000000004efef5 in pcap_process_loop ()
#23 0x00007ffff7fbdfbe in ?? () from /usr/lib/x86_64-linux-gnu/libpcap.so.0.8
#24 0x00000000004f038d in pcap_daq_acquire ()
#25 0x000000000045261c in DAQ_Acquire (max=max@entry=0, callback=callback@entry=0x433a80 <PacketCallback>,
user=user@entry=0x0) at sfdaq.c:543
#26 0x0000000000434d04 in PacketLoop () at snort.c:3268
#27 SnortMain (argc=11, argv=<optimized out>) at snort.c:920
#28 0x00007ffff6709ead in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
#29 0x0000000000405aad in _start ()
Hello, I have a problem with newest version of snort :( For some reason main process enters into infinity loop in getApplicationData (spp_session.c). I cannot determine how it's possible :( Facts: 1. appData is the same with appData->next 2. appData->protocol is 5 (PP_HTTINSPECT) 3. protocol variable in getApplicaionData is 30 (PP_FILE) 4. it's not only one loop, after set NULL in next snort stack in another endless loop Any help? Any idea? Cheers, Jul. ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort 2.9.7.0 enters into infinity loop getApplicationData souber (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData souber (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui Cao (huica) (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui cao (Dec 02)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData Hui Cao (huica) (Nov 24)
- Re: Snort 2.9.7.0 enters into infinity loop getApplicationData souber (Nov 24)