'Re: [Oisf-users] Segfault on Debian 8.3'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oisf-users
Subject:    Re: [Oisf-users] Segfault on Debian 8.3
From:       Peter Manev <petermanev () gmail ! com>
Date:       2016-03-28 16:19:21
Message-ID: 85652684-B634-4075-AB0A-507232804AB4 () gmail ! com
[Download RAW message or body]

> On 28 mars 2016, at 17:51, Hovsep Levi <hovsep.sanjay.levi@gmail.com> wrote:
> 
> Hello.
> 
> On Debian 8.3 both Suricata 2.0.11 and 3.0.0 segfault after some time, maybe a few \
> hours.  I think a bug exists in a PCRE parser for an IRC signature.  This problem \
> does not happen on Ubuntu.  
> What do you think ?
> 

It can very well be related to pcre 8.35 - 

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/known_issues

If you try to upgrade to the latest pcre (and/or recompile Suricata towards the \
latest pcre) - would it fix the issue?

Thanks

> Thanks,
> 
> Hovsep
> 
> 
> #0  0x00007f8e6ed784bb in ?? ()
> #1  0x00007f8d7f530cca in ?? ()
> #2  0x00007f8e6ed781a8 in ?? ()
> #3  0x0000000000000001 in ?? ()
> #4  0x0000000000000dac in ?? ()
> #5  0x00007f8c811020be in ?? ()
> #6  0x0000000000000dac in ?? ()
> #7  0x00007f8c811020be in ?? ()
> #8  0x00000000030c5fe7 in ?? ()
> #9  0x00000000030c5fe6 in ?? ()
> #10 0x00000000034d35e2 in ?? ()
> #11 0x00000000030c5fe7 in ?? ()
> #12 0x0000000000000001 in ?? ()
> #13 0x000000000e3b5540 in ?? ()
> #14 0x00000000030c5fe7 in ?? ()
> #15 0x0000000000000338 in ?? ()
> #16 0x0000000000000002 in ?? ()
> #17 0x000000000e3b6a40 in ?? ()
> #18 0x00007f8e720c78bf in ?? () from /lib/x86_64-linux-gnu/libpcre.so.3
> #19 0x00007f8e720ed288 in ?? () from /lib/x86_64-linux-gnu/libpcre.so.3
> #20 0x00007f8e720c63a9 in pcre_exec () from /lib/x86_64-linux-gnu/libpcre.so.3
> #21 0x00000000004a19ee in DetectPcrePayloadMatch (det_ctx=0x7f8d6c08c0d0, \
> s=<optimized out>, sm=<optimized out>, p=0x30c57f0, f=0x7f8d08d33f40,  \
> payload=0x30c5fe2 "_NICKNAME= 
> 
> 
> 	linux-vdso.so.1 (0x00007fffa4a00000)
> 	libhtp-0.5.18.so.1 => /opt/suricata-2.0.11/lib/libhtp-0.5.18.so.1 \
> (0x00007fa972000000)  libGeoIP.so.1 => /usr/lib/x86_64-linux-gnu/libGeoIP.so.1 \
> (0x00007fa971dd0000)  libmagic.so.1 => /usr/lib/x86_64-linux-gnu/libmagic.so.1 \
> (0x00007fa971bb0000)  libcap-ng.so.0 => /usr/lib/x86_64-linux-gnu/libcap-ng.so.0 \
> (0x00007fa9719a8000)  libpcap.so.1 => /opt/pfring/lib/libpcap.so.1 \
> (0x00007fa971710000)  libpfring.so => /opt/pfring/lib/libpfring.so \
> (0x00007fa9714b0000)  libnet.so.1 => /usr/lib/x86_64-linux-gnu/libnet.so.1 \
> (0x00007fa971290000)  libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 \
> (0x00007fa971070000)  libyaml-0.so.2 => /usr/lib/x86_64-linux-gnu/libyaml-0.so.2 \
> (0x00007fa970e50000)  libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 \
> (0x00007fa970be0000)  libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 \
> (0x00007fa970830000)  libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 \
> (0x00007fa970610000)  /lib64/ld-linux-x86-64.so.2 (0x00007fa972220000)
> 	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fa970408000)
> 
> 
> 
> ii  libpcre-ocaml                    7.0.4-1                              amd64     \
> OCaml bindings for PCRE (runtime) ii  libpcre3:amd64                   \
> 2:8.35-3.3+deb8u2                    amd64        Perl 5 Compatible Regular \
> Expression Library - runtime files ii  libpcre3-dev:amd64               \
> 2:8.35-3.3+deb8u2                    amd64        Perl 5 Compatible Regular \
> Expression Library - development files ii  libpcrecpp0:amd64                \
> 2:8.35-3.3+deb8u2                    amd64        Perl 5 Compatible Regular \
> Expression Library - C++ runtime files 
> 
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net
_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 9-11 in Washington, DC: http://oisfevents.net

[prev in list] [next in list] [prev in thread] [next in thread] 