[Oisf-devel] Segmentation fault on the latest Suricata beta
Victor Julien
victor at inliniac.net
Fri Dec 20 15:30:33 UTC 2013
On 12/20/2013 04:23 PM, Duarte Silva wrote:
> On Thursday 19 December 2013 14:40:33 Duarte Silva wrote:
>> On Thursday 19 December 2013 15:05:17 Victor Julien wrote:
>>> On 12/19/2013 02:42 PM, Duarte Silva wrote:
>>>> Hi guys,
>>>>
>>>> just a heads up, there is a segmentation fault when using the HTTP
>>>> custom
>>>> log (while printing the host name) on the latest 2.0 beta.
>>>>
>>>> I have looked at the code and will create a pull request on GitHub with
>>>> a
>>>> possible fix. More info can be found at [1].
>>>
>>> Thanks Duarte, looking forward to the patch.
>>
>> It seems to be a regression. I have created the pull request [1] (already
>> tested it and no segmentation fault has occurred).
>>
>> [2] https://github.com/inliniac/suricata/pull/734
>>
>>>> Another thing, the issue [2] can be closed.
>
> Just for the record, the issue reported on [2] happened again. I think the
> reason is related with the fact that, while testing the patch for [1], I was
> compiling Suricata with all stack protections enabled. After disabling that,
> Suricata hasn't crashed when a signature matches (it has been running for 22
> hours and matched signatures 21 times) .
>
> Follows the patch I used to enable stack protections:
>
> diff --git a/configure.ac b/configure.ac
> index 4b394c6..e0c9ec5 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -246,10 +246,10 @@
>
> AS_IF([test "x$enable_gccprotect" = "xyes"], [
> #buffer overflow protection
> - AC_MSG_CHECKING(for -fstack-protector)
> + AC_MSG_CHECKING(for -fstack-protector-all)
> TMPCFLAGS="${CFLAGS}"
> - CFLAGS="${CFLAGS} -fstack-protector"
> - AC_TRY_LINK(,,SECCFLAGS="${SECCFLAGS} -fstack-protector"
> + CFLAGS="${CFLAGS} -fstack-protector-all"
> + AC_TRY_LINK(,,SECCFLAGS="${SECCFLAGS} -fstack-protector-all"
> AC_MSG_RESULT(yes),
> AC_MSG_RESULT(no))
> CFLAGS="${TMPCFLAGS}"
>
> Hope it helps in future problems, cheers,
Care to do a PR for this? Maybe it'd be best to check for both options
separately, so that if the -all option isn't available, we can still use
the regular option.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list