argus-2.0.0.beta.10

Carter Bullard carter at qosient.com
Thu Mar 8 14:19:56 EST 2001 

Hey Scott,
   Your trying to delete the user buffer of a fragment
stream, and its getting a garbage pointer.  I've found
some potential gottchas, so would you be willing to
run a modified Argus_frag.c for a while?  Replace your
./server/Argus_frag.c with this one, and see if we get
by.

Carter

Carter Bullard
QoSient, LLC
300 E. 56th Street, Suite 18K
New York, New York  10022

carter at qosient.com
Phone +1 212 588-9133
Fax   +1 212 588-9134
http://qosient.com

> -----Original Message-----
> From: Scott A. McIntyre [mailto:scott at xs4all.nl]
> Sent: Thursday, March 08, 2001 12:28 PM
> To: Carter Bullard
> Subject: Re: argus-2.0.0.beta.10
> 
> 
> 
> Sorry to rain on parades, but:
> 
> (gdb) bt
> #0  0x4008e815 in free () from /lib/libc.so.6
> #1  0x4008e6e8 in free () from /lib/libc.so.6
> #2  0x8065a80 in ArgusFree (buf=0x9666270) at ./argus_filter.c:5227
> #3  0x8051296 in ArgusDeleteObject (obj=0x88459a0) at 
> ./ArgusUtil.c:566
> #4  0x804d6d1 in ArgusTimeOut (flow=0x88459a0) at 
> ./ArgusModeler.c:1653
> #5  0x805106b in ArgusProcessQueue (queue=0x8144310, status=4 
> '\004') at
> ./ArgusUtil.c:450
> #6  0x804d0bf in ArgusSystemTimeout () at ./ArgusModeler.c:1337
> #7  0x804b7de in ArgusProcessPacket (ep=0x8080960, length=64,
> tvp=0xbffff670) at ./ArgusModeler.c:477
> #8  0x804fe9d in ArgusEtherPacket (user=0x0, h=0xbffff670, p=0x8143c00
> "") at ./ArgusSource.c:396
> #9  0x8054a47 in pcap_read_packet ()
> #10 0x805488e in pcap_read ()
> #11 0x80504b9 in ArgusGetPackets () at ./ArgusSource.c:752
> #12 0x804a747 in ArgusLoop () at ./argus.c:445
> #13 0x804a71d in main (argc=3, argv=0xbffff98c) at ./argus.c:394
> #14 0x40054cbe in __libc_start_main () from /lib/libc.so.6
> 
> 
> >Description:
> 
> argus() dies with a coredump after some period of time of running
> 
>  
> >How-To-Repeat:
> 
> Run argus
>  
> >Fix:
> 
> Email Carter.
>  
> >Submitter-Id:  Scott A. McIntyre
> >Originator:    Scott A. McIntyre
> >Organization:  XS4ALL Internet B.V.
> 
> >Argus support:  As much as he can get away with
> 
> >Release:       argus-2.0
> >Product:       argus
> >Synopsis:      Core dump from server
> >Severity:      Critical
> >Priority:      High
>  
> >Environment:   <machine, os, target, libraries (multiple lines)>
>  
> System:  Linux seti.xs4all.net 2.4.2 #2 Thu Mar 8 11:23:17 
> CET 2001 i686
> unknown
> Arch:    i686
>  
> Paths:    /home/argus/bin/ra /usr/local/sbin/tcpdump /usr/bin/make
> /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
>  
>  
> RA:      Ra Version 2.0.0.beta.10
> TCPDUMP: tcpdump version 3.6 libpcap version 0.6
>  
> GCC:     Reading specs from
> /usr/lib/gcc-lib/i586-mandrake-linux/2.95.3/specs
> gcc version 2.95.3 19991030 (prerelease)
>  
> LIBC:
> lrwxrwxrwx    1 root     root           13 Mar  8 10:48 /lib/libc.so.6
> -> libc-2.1.3.so
> -rwxr-xr-x    1 root     root       931668 Jan 17 22:56
> /lib/libc-2.1.3.so
> -rw-r--r--    1 root     root     20736360 Jan 17 22:53 
> /usr/lib/libc.a
> -rw-r--r--    1 root     root          178 Jan 17 22:53 
> /usr/lib/libc.so
> -rw-r--r--    1 root     root       781824 Oct  2 17:28
> /usr/lib/libc-client.a
> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20010308/68a318f3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Argus_frag.c
Type: application/octet-stream
Size: 12787 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20010308/68a318f3/attachment.obj>

More information about the argus mailing list