Argus 3.0.5.10: double free or corruption detected by glibc

Markku Parviainen maketsi at gmail.com
Thu Feb 16 16:04:45 EST 2012


2012/2/16 Carter Bullard <carter at qosient.com>:
> Can you look to see if your ARGUS_BIND_IP line maybe poorly formed?
> If that doesn't do it, can you share your /etc/argus.conf file?

Oh, I didn't consider that it would be reading that file, but of
course it is as one now thinks about it..

# grep ^ARGUS_BIND_IP /etc/argus.conf
ARGUS_BIND_IP="127.0.0.1"

That line is not garbled though and is working fine for the argus
daemon that is using the same config. However, removing that line
helps. So there is some kind of bug in there. It doesn't matter if
there are daemons running or not.
On that other machine I mentioned about, was no /etc/argus.conf at
all. I now created it and added only one line there, the one above.
The result is that the argus now crashes there too (64bit, gcc 4.2.4),
puking out the same 'double free' error.



Btw. A side note for everyone:
If you are using /etc/argus.conf for the system argus daemon, and it
defines it to drop privileges and to chroot itself (as on my case),
that also affects to this file conversion case, which might not be
expected. Resulting error messages are quite strange (but obvious) at
first glance:
root at host:~# /opt/argus-3.0.5.10-debug/sbin/argus -r test.pcap -w test.arg
argus[6681]: 16 Feb 12 19:57:39.453407 ArgusInitOutput: open test.arg:
Permission denied
or:
root at host:~# /opt/argus-3.0.5.10-debug/sbin/argus -r test.pcap -w test.arg
argus[6917]: 16 Feb 12 20:23:23.269805 ArgusOpenInputPacketFile:
pcap_open_offline: test.pcap: No such file or directory

The easiest fix is to add parameter -F /dev/null, which skips the
default config completely. Or to use a separate config for the
chrooted daemon...



More information about the argus mailing list