Project

General

Profile

Actions

Bug #422

closed

pcap logging crash

Added by Victor Julien about 12 years ago. Updated about 12 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

There seems to be 2 issues:
1. we error out when the file we try to remove is already gone
2. while shutting down we segv


[21969] 18/3/2012 -- 12:34:09 - (log-pcap.c:212) <Error> (PcapLogRotateFile) -- [ERRCODE: UNKNOWN_ERROR(198)] - failed to remove log file /nsm_data/sensor/dailylogs/2012-03-16/snort.log.1331882450: No such file or directory
...
[21969] 18/3/2012 -- 12:34:09 - (log-pcap.c:403) <Info> (PcapLogDataDeinit) -- Packets seen 1164388210 at exit
Segmentation fault (core dumped)

BT:

Program terminated with signal 11, Segmentation fault.
#0  0x0000000000639af8 in PcapLog (t=0x137b1ef0, p=0x3333260, postpq=<optimized out>, pq=<optimized out>, data=<optimized out>) at log-pcap.c:291
291         pl->h->ts.tv_sec = p->ts.tv_sec;
(gdb) bt
#0  0x0000000000639af8 in PcapLog (t=0x137b1ef0, p=0x3333260, postpq=<optimized out>, pq=<optimized out>, data=<optimized out>) at log-pcap.c:291
#1  0x00000000006259e8 in TmThreadsSlotVarRun (tv=0x137b1ef0, p=0x3333260, slot=<optimized out>) at tm-threads.c:467
#2  0x0000000000627e36 in TmThreadsSlotVar (td=0x137b1ef0) at tm-threads.c:676
#3  0x00007f360186bd90 in start_thread (arg=0x7f35ff46b700) at pthread_create.c:309
#4  0x00000031f20f0f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

pl->h access is a null derefence:

(gdb) print pl
$1 = (PcapLogData *) 0x30aeea0
(gdb) print pl->h
$2 = (struct pcap_pkthdr *) 0x0

Actions #1

Updated by Victor Julien about 12 years ago

  • Due date set to 03/26/2012
  • Assignee set to Anoop Saldanha
  • Estimated time set to 3.00 h
Actions #2

Updated by Victor Julien about 12 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Applied, thanks Anoop!

Actions

Also available in: Atom PDF