[Oisf-devel] Suricata 2.0dev + PF_RING 5.6.0 sporadic crashes in HTPCallbackRequest

Anoop Saldanha anoopsaldanha at gmail.com
Fri Jul 19 16:27:23 UTC 2013


On Fri, Jul 19, 2013 at 9:31 PM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
> On Fri, Jul 19, 2013 at 9:22 PM, Victor Julien <victor at inliniac.net> wrote:
>> On 07/19/2013 05:35 PM, Chris Wakelin wrote:
>>> On 19/07/13 13:58, Anoop Saldanha wrote:
>>>>
>>>> Can you run the latest master (post 0.5.x changes)?  There were some
>>>> bugs in libhtp which were fixed explicitly for 1.4.x, and for the
>>>> master we relied on the 0.5.x fixing it.
>>>>
>>>
>>> Hmm - done that (I cloned libhtp repository into the Suricata build
>>> directory), and now I'm getting most entries in http.log with "hostname
>>> unknown" (though interestingly a file captured with "filestore" had the
>>> correct hostname in its .meta file, though the matching HTTP log entry
>>> didn't). I can reproduce it with pcaps (exploit kits from a sandbox).
>>>
>>> Have I missed a necessary configuration change?
>>
>> No, I think this is a bug.
>>
>> Interestingly, the .meta file just gets the value of the Host header,
>> while the http.log uses htp's tx->parsed_uri->hostname.
>>
>> Anoop, can you check it out?
>>
>
> On it.
>

Fix supplied and is in review stage.

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
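
The difference between the two hostname sources mentioned in the thread (the Host header versus the hostname in the parsed request URI), as an added example that is not code from Suricata, libhtp, or the fix under review. The function names and sample requests are constructed for illustration, and the assumption is a logger that reads only the URI hostname unless told to fall back to the Host header.

```python
from urllib.parse import urlsplit

# Constructed sample requests (not taken from the pcaps mentioned in the thread).
SAMPLES = {
    "origin-form": b"GET /index.html HTTP/1.1\r\nHost: www.example.com:8080\r\n\r\n",
    "absolute-form": b"GET http://proxy.example.net/a HTTP/1.1\r\nHost: proxy.example.net\r\n\r\n",
    "mismatch": b"GET http://a.example.org/x HTTP/1.1\r\nHost: b.example.org\r\n\r\n",
    "no-host": b"GET /legacy HTTP/1.0\r\n\r\n",
}

UNKNOWN = "hostname unknown"  # the string quoted in the thread


def parse_request(raw):
    """Return (hostname from the request URI, hostname from the Host header)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    target = parts[1]
    # Only an absolute-form target (scheme://host/...) carries a hostname.
    is_absolute = target.lower().startswith(("http://", "https://"))
    uri_host = urlsplit(target).hostname if is_absolute else None
    header_host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            # Prefix "//" so urlsplit treats the value as an authority and drops the port.
            header_host = urlsplit("//" + value.strip()).hostname
            break
    return uri_host, header_host


def logged_hostname(raw, use_host_header):
    """Hostname a logger would record, with or without a Host header fallback."""
    uri_host, header_host = parse_request(raw)
    if uri_host:
        return uri_host
    if use_host_header and header_host:
        return header_host
    return UNKNOWN


def hosts_disagree(raw):
    """True when both sources are present but name different hosts."""
    uri_host, header_host = parse_request(raw)
    return bool(uri_host and header_host and uri_host != header_host)
```

For log review, `hosts_disagree` is the case worth alerting on: the request line and the Host header name different hosts, so a log built from one source alone hides the other.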


