[Oisf-devel] Segmentation fault on the latest Suricata beta

Duarte Silva duarte.silva at serializing.me
Fri Dec 20 15:23:38 UTC 2013 

On Thursday 19 December 2013 14:40:33 Duarte Silva wrote:
> On Thursday 19 December 2013 15:05:17 Victor Julien wrote:
> > On 12/19/2013 02:42 PM, Duarte Silva wrote:
> > > Hi guys,
> > > 
> > > just a heads up, there is a segmentation fault when using the HTTP
> > > custom
> > > log (while printing the host name) on the latest 2.0 beta.
> > > 
> > > I have looked at the code and will create a pull request on GitHub with
> > > a
> > > possible fix. More info can be found at [1].
> > 
> > Thanks Duarte, looking forward to the patch.
> 
> It seems to be a regression. I have created the pull request [1] (already
> tested it and no segmentation fault has occurred).
> 
> [2] https://github.com/inliniac/suricata/pull/734
> 
> > > Another thing, the issue [2] can be closed.

Just for the record, the issue reported on [2] happened again. I think the 
reason is related with the fact that, while testing the patch for [1], I was 
compiling Suricata with all stack protections enabled. After disabling that, 
Suricata hasn't crashed when a signature matches (it has been running for 22 
hours and matched signatures 21 times) .

Follows the patch I used to enable stack protections:

diff --git a/configure.ac b/configure.ac
index 4b394c6..e0c9ec5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -246,10 +246,10 @@

     AS_IF([test "x$enable_gccprotect" = "xyes"], [
         #buffer overflow protection
-        AC_MSG_CHECKING(for -fstack-protector)
+        AC_MSG_CHECKING(for -fstack-protector-all)
         TMPCFLAGS="${CFLAGS}"
-        CFLAGS="${CFLAGS} -fstack-protector"
-        AC_TRY_LINK(,,SECCFLAGS="${SECCFLAGS} -fstack-protector"
+        CFLAGS="${CFLAGS} -fstack-protector-all"
+        AC_TRY_LINK(,,SECCFLAGS="${SECCFLAGS} -fstack-protector-all"
         AC_MSG_RESULT(yes),
         AC_MSG_RESULT(no))
         CFLAGS="${TMPCFLAGS}"

Hope it helps in future problems, cheers,
Duarte Silva

> > 
> > Done.
> > 
> > Cheers,
> > Victor
> 
> Cheers,
> Duarte
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3859 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20131220/5d60e051/attachment-0002.bin>

More information about the Oisf-devel mailing list