Actions
Bug #422
closedpcap logging crash
Affected Versions:
Effort:
Difficulty:
Label:
Description
There seems to be 2 issues:
1. we error out when the file we try to remove is already gone
2. while shutting down we segv
[21969] 18/3/2012 -- 12:34:09 - (log-pcap.c:212) <Error> (PcapLogRotateFile) -- [ERRCODE: UNKNOWN_ERROR(198)] - failed to remove log file /nsm_data/sensor/dailylogs/2012-03-16/snort.log.1331882450: No such file or directory ... [21969] 18/3/2012 -- 12:34:09 - (log-pcap.c:403) <Info> (PcapLogDataDeinit) -- Packets seen 1164388210 at exit Segmentation fault (core dumped)
BT:
Program terminated with signal 11, Segmentation fault. #0 0x0000000000639af8 in PcapLog (t=0x137b1ef0, p=0x3333260, postpq=<optimized out>, pq=<optimized out>, data=<optimized out>) at log-pcap.c:291 291 pl->h->ts.tv_sec = p->ts.tv_sec; (gdb) bt #0 0x0000000000639af8 in PcapLog (t=0x137b1ef0, p=0x3333260, postpq=<optimized out>, pq=<optimized out>, data=<optimized out>) at log-pcap.c:291 #1 0x00000000006259e8 in TmThreadsSlotVarRun (tv=0x137b1ef0, p=0x3333260, slot=<optimized out>) at tm-threads.c:467 #2 0x0000000000627e36 in TmThreadsSlotVar (td=0x137b1ef0) at tm-threads.c:676 #3 0x00007f360186bd90 in start_thread (arg=0x7f35ff46b700) at pthread_create.c:309 #4 0x00000031f20f0f5d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
pl->h access is a null derefence:
(gdb) print pl $1 = (PcapLogData *) 0x30aeea0 (gdb) print pl->h $2 = (struct pcap_pkthdr *) 0x0
Actions