[Oisf-users] Suricata Segfault With Sig:
Andreas Moe
andmoe at mnemonic.no
Thu Aug 7 06:04:57 UTC 2014
I'm running Suricata 2.0.2 and I get segfaults as well when I have a rule with <rev;1;> instead of <rev:1;>.
Test scenario:
Rule: alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"Test rule"; dsize:140<>1000; sid:1000001; rev;1;)
Running suricata: suricata -T -c /etc/suricata/suricata.yaml
End of suricata.log file:
...
...
7/8/2014 -- 08:02:21 - <Info> - IP reputation disabled
7/8/2014 -- 08:02:21 - <Info> - using magic-file /usr/share/misc/magic.mgc
7/8/2014 -- 08:02:21 - <Info> - Delayed detect disabled
Segmentation fault
Syslog message:
Aug 7 08:02:21 <****> kernel: Suricata-Main[30703]: segfault at 0 ip 00000000004a6116 sp 00007fff2008c970 error 4 in suricata[400000+1b1000]
Here's my build info:
This is Suricata version 2.0.2 RELEASE
Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrisics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.4.7 20120313 (Red Hat 4.4.7-4), C version 199901
L1 cache line size (CLS)=64
compiled with LibHTP v0.5.12, linked against LibHTP v0.5.12
Suricata Configuration:
AF_PACKET support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
DAG enabled: no
Napatech enabled: no
Unix socket enabled: no
Detection enabled: yes
libnss support: no
libnspr support: no
libjansson support: no
Prelude support: no
PCRE jit: no
LUA support: no
libluajit: no
libgeoip: no
Non-bundled htp: no
Old barnyard2 support: no
CUDA enabled: no
Suricatasc install: yes
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Profiling enabled: no
Profiling locks enabled: no
Coccinelle / spatch: no
Generic build parameters:
Installation prefix (--prefix): /usr
Configuration directory (--sysconfdir): /etc/suricata/
Log directory (--localstatedir) : /var/log/suricata/
Host: x86_64-unknown-linux-gnu
GCC binary: gcc
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
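
A pre-flight check for the failure mode reported above, as an added example that is not part of the original post or of Suricata: a small Python linter that flags a value-taking keyword written without its colon (such as rev;1;) before the rule file is handed to suricata -T. The keyword set and the function names are assumptions chosen for illustration, not the engine's keyword table.

```python
import re

# Assumption: illustrative subset of keywords that always take a value,
# not Suricata's full keyword table.
NEEDS_VALUE = {"msg", "sid", "rev", "gid", "classtype", "priority", "dsize", "content"}

# Rule taken from the post, and the same rule with the typo corrected.
BAD_RULE = ('alert udp $EXTERNAL_NET 53 -> $HOME_NET any '
            '(msg:"Test rule"; dsize:140<>1000; sid:1000001; rev;1;)')
GOOD_RULE = BAD_RULE.replace("rev;1;", "rev:1;")

def split_options(body):
    """Split the option block on ';', honouring quotes and backslash escapes."""
    opts, cur, in_quote, esc = [], [], False, False
    for ch in body:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
        else:
            in_quote ^= (ch == '"')
            cur.append(ch)
    tail = "".join(cur).strip()
    return opts + [tail] if tail else opts  # keep an unterminated last option

def lint_rule(rule):
    """Return findings for one rule line; an empty list means nothing flagged."""
    start, end = rule.find("("), rule.rfind(")")
    if start == -1 or end < start:
        return ["no option block in parentheses"]
    findings = []
    for opt in filter(None, split_options(rule[start + 1:end])):
        name, sep, value = opt.partition(":")
        name = name.strip()
        if name in NEEDS_VALUE and not (sep and value.strip()):
            findings.append(f"keyword '{name}' has no value (missing ':'?)")
        elif not sep and not re.fullmatch(r"[A-Za-z_][\w.\-]*", name):
            findings.append(f"stray token '{opt}' is not a keyword")
    return findings

if __name__ == "__main__":
    for finding in lint_rule(BAD_RULE):
        print(finding)
```
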