[Oisf-devel] Suricata 2.0dev + PF_RING 5.6.0 sporadic crashes in HTPCallbackRequest

Victor Julien victor at inliniac.net
Fri Jul 19 15:52:54 UTC 2013


On 07/19/2013 05:35 PM, Chris Wakelin wrote:
> On 19/07/13 13:58, Anoop Saldanha wrote:
>>
>> Can you run the latest master (post 0.5.x changes). There were some
>> bugs in libhtp which were fixed explicitly for 1.4.x, and for the
>> master we relied on the 0.5.x fixing it.
>>
> 
> Hmm - done that (I cloned libhtp repository into the Suricata build
> directory), and now I'm getting most entries in http.log with "hostname
> unknown" (though interestingly a file captured with "filestore" had the
> correct hostname in its .meta file, though the matching HTTP log entry
> didn't). I can reproduce it with pcaps (exploit kits from a sandbox).
> 
> Have I missed a necessary configuration change?

No, I think this is a bug.

Interestingly, the .meta file just gets the value of the Host header,
while the http.log uses htp's tx->parsed_uri->hostname.

Anoop, can you check it out?

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
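
The two hostname sources named in the message above, the Host header and the hostname parsed from the request URI, can differ for an ordinary request. The following added example (not Suricata or libhtp code; the function names and the sample request are constructed for illustration) shows that an origin-form request line carries no hostname, so a log field read only from the parsed URI stays empty unless it falls back to the Host header.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Copy the host token at h (ends at ':', '/', whitespace or CRLF) into out. */
static int copy_host(const char *h, char *out, size_t len)
{
    size_t n = strcspn(h, ":/ \t\r\n");
    if (n == 0 || n >= len) return 0;
    memcpy(out, h, n); out[n] = '\0';
    return 1;
}

/* URI hostname: only an absolute-form target ("GET http://host/") has one. */
int uri_hostname(const char *req, char *out, size_t len)
{
    const char *sp = strchr(req, ' ');
    if (sp == NULL || strncasecmp(sp + 1, "http://", 7) != 0) return 0;
    return copy_host(sp + 8, out, len);
}

/* Hostname from the Host header, port stripped. */
int header_hostname(const char *req, char *out, size_t len)
{
    const char *line = strstr(req, "\r\n");
    while (line != NULL) {
        line += 2;
        if (strncmp(line, "\r\n", 2) == 0) return 0;   /* end of headers */
        if (strncasecmp(line, "Host:", 5) == 0)
            return copy_host(line + 5 + strspn(line + 5, " \t"), out, len);
        line = strstr(line, "\r\n");
    }
    return 0;
}

/* Log field that prefers the URI hostname and falls back to the header. */
const char *log_hostname(const char *req, char *buf, size_t len)
{
    if (uri_hostname(req, buf, len) || header_hostname(req, buf, len)) return buf;
    return "<hostname unknown>";
}

int main(void)
{
    const char *req = "GET /landing.php HTTP/1.1\r\nHost: kit.example\r\n\r\n"; /* constructed */
    char u[64], f[64];
    printf("uri only: %s\nwith fallback: %s\n",
           uri_hostname(req, u, sizeof u) ? u : "<hostname unknown>", log_hostname(req, f, sizeof f));
    return 0;
}
```

When log and file metadata disagree on the hostname for the same transaction, comparing the two fields this way on the captured request shows which source each output was reading.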



