[Bro-Dev] [JIRA] (BIT-1361) New installation of Bro crashes and core dumps with error indicating ssh/binpac

Ted Llewellyn (JIRA) jira at bro-tracker.atlassian.net
Wed Apr 1 11:16:00 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-1361?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ted Llewellyn updated BIT-1361:
-------------------------------
    Comment: was deleted

(was: Jon,

 I think this is something new; I do not remember seeing anything like this in my weird.log before applying the patch:

1427911262.505789       CYEwoB1X7XFyozYsdc      61.240.144.66   60000   10.10.32.253   514     binpac exception: out_of_bound: Syslog_Priority:lt: 1 > 0       -      Fbro
1427911263.624456       CCEGxTr3jHEZWIb1k       61.240.144.66   60000   10.10.32.250   514     binpac exception: out_of_bound: Syslog_Priority:lt: 1 > 0       -      Fbro
1427911263.847535       C86BvxMqoOeUz1e7e       61.240.144.66   60000   10.10.32.245   514     binpac exception: out_of_bound: Syslog_Priority:lt: 1 > 0       -      Fbro
1427911272.856867       CgQRbt3gokYaNcaZth      61.240.144.66   60000   10.10.32.252   514     binpac exception: out_of_bound: Syslog_Priority:lt: 1 > 0       -      Fbro

Ted

)

> New installation of Bro crashes and core dumps with error indicating ssh/binpac
> -------------------------------------------------------------------------------
>
>                 Key: BIT-1361
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1361
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3
>         Environment: Debian wheezy, Dell 1750 (dual 32-bit Xeon dual-core cpus), capturing on one 100 meg mirrored switch port
>            Reporter: Ted Llewellyn
>              Labels: binpac, ssh
>             Fix For: 2.4
>
>         Attachments: bro-bt-033115.txt
>
>
> diag results:
> [BroControl] > diag
> [bro]
> Bro 2.3-633
> Linux 3.2.0-4-686-pae
> No gdb installed.
> ==== No reporter.log
> ==== stderr.log
> listening on eth1, capture length 8192 bytes
> bro: /root/bro/build/src/analyzer/protocol/ssh/ssh_pac.cc:1382: int binpac::SSH::SSH2_KEXINIT::Parse(binpac::const_byteptr, binpac::const_byteptr, binpac::SSH::ContextSSH*, int): Assertion `t_dataptr_after_cookie <= t_end_of_data' failed.
> /usr/local/bro/share/broctl/scripts/run-bro: line 100: 10307 Aborted                 (core dumped) nohup "$mybro" "$@"
> ==== stdout.log
> max memory size         (kbytes, -m) unlimited
> data seg size           (kbytes, -d) unlimited
> virtual memory          (kbytes, -v) unlimited
> core file size          (blocks, -c) unlimited
> ==== .cmdline
> -i eth1 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
> ==== .env_vars
> PATH=/usr/local/bro/bin:/usr/local/bro/share/broctl/scripts:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> BROPATH=/usr/local/bro/spool/installed-scripts-do-not-touch/site::/usr/local/bro/spool/installed-scripts-do-not-touch/auto:/usr/local/bro/share/bro:/usr/local/bro/share/bro/policy:/usr/local/bro/share/bro/site
> CLUSTER_NODE=
> ==== .status
> RUNNING [net_run]
> ==== No prof.log
> ==== No packet_filter.log
> ==== No loaded_scripts.log
> [BroControl] >



--
This message was sent by Atlassian JIRA
(v6.4-OD-16-006#64014)

