[Bro-Dev] [JIRA] (BIT-1537) bro segfaults after compile in MacOS X 10.11 El Capitan

Fri Feb 19 09:09:00 PST 2016

    [ https://bro-tracker.atlassian.net/browse/BIT-1537?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=24205#comment-24205 ] 

Johanna Amann commented on BIT-1537:
------------------------------------

Ok, I think I figured this one out - and it is a bit mean. I think Bro uses the header files of a new version of OpenSSL (probably installed via hombrew, manually, etc). but then links against the system version of OpenSSL, where the format of the in-memory data structures changed a bit.

Could you please send me the output of otool -L [path-to-bro]. Also could you try to recompile bro by first doing a

{code}
make distclean
{code}

and then
{code}
LDFLAGS="-L[path-to-openssl-lib] ./configure
{code}

I expect the path to be /opt/local/lib, /usr/local/lib or similar :) 

> bro segfaults after compile in MacOS X 10.11 El Capitan
> -------------------------------------------------------
>
>                 Key: BIT-1537
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1537
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>            Reporter: Carlos Terrón
>            Assignee: Johanna Amann
>
> After compile with 
> {code}
> ./configure --prefix=/usr/local
> make
> make install
> {code}
> And try to execute bro with:
> {code}
> bro -i en4 local
> {code}
> bro segfaults with
> {code}
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000001003045d2 in file_analysis::X509::ParseCertificate (
>     cert_val=<optimized out>, fid=<optimized out>)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/analyzer/x509/X509.cc:175
> 175				char *exponent = BN_bn2dec(pkey->pkey.rsa->e);
> (gdb) bt
> #0  0x00000001003045d2 in file_analysis::X509::ParseCertificate (
>     cert_val=<optimized out>, fid=<optimized out>)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/analyzer/x509/X509.cc:175
> #1  0x0000000100303e5d in file_analysis::X509::EndOfFile (this=0x105f8b710)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/analyzer/x509/X509.cc:56
> #2  0x000000010033f57a in file_analysis::File::EndOfFile (this=0x100961090)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/File.cc:522
> #3  0x000000010033bc6e in file_analysis::Manager::RemoveFile (
>     this=0x105f8b710, file_id=...)
>     at /Users/terron/tmp/bro-2.4.1/src/file_analysis/Manager.cc:395
> #4  0x00000001002d910a in binpac::TLSHandshake::Handshake_Conn::proc_certificate (this=0x105f8a220, is_orig=false, certificates=0x100961f90)
>     at /Users/terron/tmp/bro-2.4.1/build/src/analyzer/protocol/ssl/tls-handshake_pac.cc:180
> #5  0x00000001002d99d4 in binpac::TLSHandshake::Handshake_Conn::proc_v3_certificate (this=0x105f8b710, is_orig=16, cl=<optimized out>)
>     at /Users/terron/tmp/bro-2.4.1/build/src/analyzer/protocol/ssl/tls-handshake_pac.cc:323
> #6  0x00000001002dc430 in binpac::TLSHandshake::Certificate::Parse (
>     this=0x105f8a220, t_begin_of_data=<optimized out>, 
>     t_end_of_data=0x101022f2e "", t_context=0x10095e480)
>     at /Users/terron/tmp/bro-2.4.1/build/src/analyzer/protocol/ssl/tls-handshake_pac.cc:1977
> {code}

--
This message was sent by Atlassian JIRA
(v7.2.0-OD-01-031#72000)