[Oisf-users] Suricata Segfault With Sig:
Victor Julien
lists at inliniac.net
Thu Aug 7 07:28:45 UTC 2014
On 08/07/2014 08:04 AM, Andreas Moe wrote:
> I'm running suricata 2.0.2 and I get segfaults as well when I have a rule
> with «rev;1;» instead of «rev:1;»
>
> Test scenario:
>
> Rule: alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"Test rule";
> dsize:140<>1000; sid:1000001; rev;1;)
>
> Running suricata: suricata -T -c /etc/suricata/suricata.yaml
>
> End of suricata.log file:
>
> …
> …
> 7/8/2014 -- 08:02:21 - <Info> - IP reputation disabled
> 7/8/2014 -- 08:02:21 - <Info> - using magic-file /usr/share/misc/magic.mgc
> 7/8/2014 -- 08:02:21 - <Info> - Delayed detect disabled
> Segmentation fault
>
> Syslog message:
>
> Aug 7 08:02:21 <****> kernel: Suricata-Main[30703]: segfault at 0 ip
> 00000000004a6116 sp 00007fff2008c970 error 4 in suricata[400000+1b1000]
>
> Here’s my build info:
>
> This is Suricata version 2.0.2 RELEASE
> Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET
> HAVE_PACKET_FANOUT LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK
> SIMD support: SSE_4_2 SSE_4_1 SSE_3
> Atomic intrisics: 1 2 4 8 16 byte(s)
> 64-bits, Little-endian architecture
> GCC version 4.4.7 20120313 (Red Hat 4.4.7-4), C version 199901
> L1 cache line size (CLS)=64
> compiled with LibHTP v0.5.12, linked against LibHTP v0.5.12
> Suricata Configuration:
> AF_PACKET support: yes
> PF_RING support: no
> NFQueue support: no
> NFLOG support: no
> IPFW support: no
> DAG enabled: no
> Napatech enabled: no
> Unix socket enabled: no
> Detection enabled: yes
>
> libnss support: no
> libnspr support: no
> libjansson support: no
> Prelude support: no
> PCRE jit: no
> LUA support: no
> libluajit: no
> libgeoip: no
> Non-bundled htp: no
> Old barnyard2 support: no
> CUDA enabled: no
>
> Suricatasc install: yes
>
> Unit tests enabled: no
> Debug output enabled: no
> Debug validation enabled: no
> Profiling enabled: no
> Profiling locks enabled: no
> Coccinelle / spatch: no
>
> Generic build parameters:
> Installation prefix (--prefix): /usr
> Configuration directory (--sysconfdir): /etc/suricata/
> Log directory (--localstatedir) : /var/log/suricata/
>
> Host: x86_64-unknown-linux-gnu
> GCC binary: gcc
> GCC Protect enabled: no
> GCC march native enabled: yes
> GCC Profile enabled: no
>
I have opened a ticket here
https://redmine.openinfosecfoundation.org/issues/1254
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
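
A pre-flight lint for the kind of typo reported above (`rev;1;` in place of `rev:1;`), as an added example that is not part of the original thread and is not Suricata code. The `VALUE_REQUIRED` set and the function name `lint_rule` are assumptions made for illustration; the sample rule is the one from the report, joined onto one line.

```python
import re

# Assumption: a small subset of Suricata keywords that always take a value;
# this is not Suricata's own keyword table.
VALUE_REQUIRED = {"msg", "sid", "rev", "gid", "dsize", "classtype", "priority"}

# One option: runs of ordinary characters, backslash escapes, or a complete
# double-quoted string, so a ';' inside quotes does not end the option.
OPTION_RE = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')
KEYWORD_RE = re.compile(r"[A-Za-z_][\w.\-]*")

def lint_rule(rule):
    """Return a list of findings for one rule; an empty list means clean."""
    block = re.search(r"\((.*)\)\s*$", rule, re.S)
    if not block:
        return ["no option block in parentheses"]
    findings = []
    for raw in OPTION_RE.findall(block.group(1)):
        opt = raw.strip()
        if not opt:
            continue
        name, sep, value = opt.partition(":")
        name = name.strip()
        if not sep and name in VALUE_REQUIRED:
            findings.append(f"'{name}' has no value (missing ':')")
        elif sep and not value.strip():
            findings.append(f"'{name}' has an empty value")
        elif not sep and not KEYWORD_RE.fullmatch(name):
            findings.append(f"stray token '{name}' is not a keyword")
    return findings

# Rule from the report, and the same rule with the typo corrected.
BAD = ('alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"Test rule"; '
       'dsize:140<>1000; sid:1000001; rev;1;)')
GOOD = BAD.replace("rev;1;", "rev:1;")

if __name__ == "__main__":
    for rule in (BAD, GOOD):
        print(lint_rule(rule) or "ok")
```

Running a check like this over a rule file before `suricata -T` surfaces the malformed option as a readable finding on versions where the parser itself crashes.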