[Oisf-devel] Suricata 2.0dev + PF_RING 5.6.0 sporadic crashes in HTPCallbackRequest

Victor Julien victor at inliniac.net
Fri Jul 19 17:28:51 UTC 2013


On 07/19/2013 06:27 PM, Anoop Saldanha wrote:
> On Fri, Jul 19, 2013 at 9:31 PM, Anoop Saldanha <anoopsaldanha at gmail.com> wrote:
>> On Fri, Jul 19, 2013 at 9:22 PM, Victor Julien <victor at inliniac.net> wrote:
>>> On 07/19/2013 05:35 PM, Chris Wakelin wrote:
>>>> On 19/07/13 13:58, Anoop Saldanha wrote:
>>>>>
>>>>> Can you run the latest master (post 0.5.x changes)? There were some
>>>>> bugs in libhtp which were fixed explicitly for 1.4.x, and for the
>>>>> master we relied on the 0.5.x fixing it.
>>>>>
>>>>
>>>> Hmm - done that (I cloned libhtp repository into the Suricata build
>>>> directory), and now I'm getting most entries in http.log with "hostname
>>>> unknown" (though interestingly a file captured with "filestore" had the
>>>> correct hostname in its .meta file, though the matching HTTP log entry
>>>> didn't). I can reproduce it with pcaps (exploit kits from a sandbox).
>>>>
>>>> Have I missed a necessary configuration change?
>>>
>>> No, I think this is a bug.
>>>
>>> Interestingly, the .meta file just gets the value of the Host header,
>>> while the http.log uses htp's tx->parsed_uri->hostname.
>>>
>>> Anoop, can you check it out?
>>>
>>
>> On it.
>>
> 
> Fix supplied and is in review stage.
> 

It has been merged into the git master.

Ticket https://redmine.openinfosecfoundation.org/issues/887

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



