Bug #100
"Random" segfaults in prelude-lml 0.9.0
% Done: 0%
Resolution: fixed
Description
Running Prelude 0.9.0 on CentOS 3.5 (kernel 2.4.21, glibc 2.3.2), also with the following supplemental packages:
pcre-5.0-4
gnutls-1.0.25
opencdk-0.5.4
libgcrypt-1.2.1
Getting occasional segmentation faults. A typical log entry looks like the following (however, this does not happen on /all/ such entries):
Sep 23 09:44:53 web01 sshdr15291: Accepted publickey for asparks from 216.150.62.80 port 34121 ssh2
(gdb) bt
#0 0x00640213 in prelude_string_set_dup (string=0x99680a8, buf=0x0) at prelude-string.c:412
#1 0x0804f23f in fill_target (node=0x9967700, ai=0x9968000) at lml-alert.c:114
#2 0x0804f60c in generate_target (log_entry=0x9965760, alert=0x9954720) at lml-alert.c:252
#3 0x0804f790 in lml_alert_emit (ls=0x98db248, log=0x9965760, message=0x99681c0) at lml-alert.c:310
#4 0x00f03867 in match_rule_list (rc=0x9939010, state=0xbfffa3f0, ls=0x98db248, log_entry=0x9965760, match_flags=0xbfffa3b8) at rule-regex.c:227
#5 0x00f037a5 in match_rule_list (rc=0x9938080, state=0xbfffa3f0, ls=0x98db248, log_entry=0x9965760, match_flags=0xbfffa438) at rule-regex.c:197
#6 0x00f03909 in rule_regex_match (root=0x9938080, ls=0x98db248, log_entry=0x9965760, match_flags=0xbfffa438) at rule-regex.c:249
#7 0x00f024ea in pcre_run (pi=0x98dbe20, ls=0x98db248, log_entry=0x9965760) at pcre-mod.c:650
#8 0x0804d1c5 in log_plugin_run (pi=0x98dbe20, ls=0x98db248, log=0x9965760) at log-plugins.c:75
#9 0x0804bd52 in regex_match_cb (plugin=0x98dbe20, data=0x0) at prelude-lml.c:171
#10 0x0804c99d in regex_exec (list=0x98daf70, cb=0x804bd3c <regex_match_cb>, data=0xbfffa5d0, str=0x99677e0 "Sep 23 09:44:53 web01 sshdr15291: Accepted publickey for asparks from 216.150.62.80 port 34121 ssh2", len=101) at regex.c:281
#11 0x0804bde6 in lml_dispatch_log (list=0x98daf70, ls=0x98db248, str=0x98db8c0 "Sep 23 09:44:53 web01 sshdr15291: Accepted publickey for asparks from 216.150.62.80 port 34121 ssh2", size=101) at prelude-lml.c:205
#12 0x0804e9a4 in check_logfile_data (monitor=0x98db898, st=0xbfffa650) at file-server.c:544
#13 0x0804f02a in process_file_event (monitor=0x98db898) at file-server.c:1053
#14 0x0804f0c5 in file_server_wake_up () at file-server.c:1104
#15 0x0804c10a in main (argc=1, argv=0x6) at prelude-lml.c:323
Looks like in some cases the ai_canonname field is NULL; I do not know the circumstances in which this can happen:
(gdb) print *ai
$4 = {ai_flags = 2, ai_family = 2, ai_socktype = 1, ai_protocol = 6, ai_addrlen = 16, ai_addr = 0x9968020, ai_canonname = 0x0, ai_next = 0x9968038}
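An added example, not part of the original report and not the change made in r7318 (which this page does not show): one way to guard a caller such as fill_target against a NULL ai_canonname. getaddrinfo() only guarantees ai_canonname on the first entry of the returned list when AI_CANONNAME is requested, so later entries can carry NULL. The helper names safe_node_name and make_sample are hypothetical, and the addrinfo is constructed by hand to mirror the gdb print above.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helper: write a printable name for one addrinfo node.
 * Returns 0 on success, -1 if no name can be produced. */
static int safe_node_name(const struct addrinfo *ai, char *out, size_t outlen)
{
    if (ai == NULL || out == NULL || outlen == 0)
        return -1;
    if (ai->ai_canonname != NULL && ai->ai_canonname[0] != '\0') {
        snprintf(out, outlen, "%s", ai->ai_canonname);
        return 0;
    }
    /* ai_canonname is NULL: fall back to the numeric address (no DNS lookup). */
    if (ai->ai_addr == NULL ||
        getnameinfo(ai->ai_addr, ai->ai_addrlen, out, (socklen_t)outlen,
                    NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    return 0;
}

/* Constructed sample: an AF_INET node like the one in the gdb print. */
static void make_sample(struct addrinfo *ai, struct sockaddr_in *sin,
                        const char *ip, char *canon)
{
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    inet_pton(AF_INET, ip, &sin->sin_addr);
    memset(ai, 0, sizeof(*ai));
    ai->ai_flags = AI_CANONNAME;
    ai->ai_family = AF_INET;
    ai->ai_addrlen = sizeof(*sin);
    ai->ai_addr = (struct sockaddr *)sin;
    ai->ai_canonname = canon;   /* NULL reproduces the reported state */
}

int main(void)
{
    struct addrinfo ai; struct sockaddr_in sin; char name[256];
    make_sample(&ai, &sin, "216.150.62.80", NULL);
    if (safe_node_name(&ai, name, sizeof(name)) == 0)
        printf("target name: %s\n", name);
    return 0;
}
```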
History
#1 Updated by Yoann VANDOORSELAERE over 17 years ago
- Status changed from New to Closed
- Resolution set to fixed
Fixed in r7318. Thanks!
#2 Updated by Yoann VANDOORSELAERE about 14 years ago
- Project changed from PRELUDE SIEM to Prelude-LML
- Category deleted (4)
- Target version deleted (0.9.1)