[Oisf-devel] Segmentation fault on the latest Suricata beta

Victor Julien victor at inliniac.net
Fri Dec 20 15:30:33 UTC 2013


On 12/20/2013 04:23 PM, Duarte Silva wrote:
> On Thursday 19 December 2013 14:40:33 Duarte Silva wrote:
>> On Thursday 19 December 2013 15:05:17 Victor Julien wrote:
>>> On 12/19/2013 02:42 PM, Duarte Silva wrote:
>>>> Hi guys,
>>>>
>>>> just a heads up, there is a segmentation fault when using the HTTP
>>>> custom
>>>> log (while printing the host name) on the latest 2.0 beta.
>>>>
>>>> I have looked at the code and will create a pull request on GitHub with
>>>> a
>>>> possible fix. More info can be found at [1].
>>>
>>> Thanks Duarte, looking forward to the patch.
>>
>> It seems to be a regression. I have created the pull request [1] (already
>> tested it and no segmentation fault has occurred).
>>
>> [2] https://github.com/inliniac/suricata/pull/734
>>
>>>> Another thing, the issue [2] can be closed.
> 
> Just for the record, the issue reported on [2] happened again. I think the 
> reason is related with the fact that, while testing the patch for [1], I was 
> compiling Suricata with all stack protections enabled. After disabling that, 
> Suricata hasn't crashed when a signature matches (it has been running for 22 
> hours and matched signatures 21 times) .
> 
> Follows the patch I used to enable stack protections:
> 
> diff --git a/configure.ac b/configure.ac
> index 4b394c6..e0c9ec5 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -246,10 +246,10 @@
> 
>      AS_IF([test "x$enable_gccprotect" = "xyes"], [
>          #buffer overflow protection
> -        AC_MSG_CHECKING(for -fstack-protector)
> +        AC_MSG_CHECKING(for -fstack-protector-all)
>          TMPCFLAGS="${CFLAGS}"
> -        CFLAGS="${CFLAGS} -fstack-protector"
> -        AC_TRY_LINK(,,SECCFLAGS="${SECCFLAGS} -fstack-protector"
> +        CFLAGS="${CFLAGS} -fstack-protector-all"
> +        AC_TRY_LINK(,,SECCFLAGS="${SECCFLAGS} -fstack-protector-all"
>          AC_MSG_RESULT(yes),
>          AC_MSG_RESULT(no))
>          CFLAGS="${TMPCFLAGS}"
> 
> Hope it helps in future problems, cheers,

Care to do a PR for this? Maybe it'd be best to check for both options
separately, so that if the -all option isn't available, we can still use
the regular option.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Oisf-devel mailing list