#23 Mac OSX & snort pcre - bus error - [^a] bug?

[Anonymous]

The below regexes kill snort with a bus error. I
believe this is a Mac OSX specific error.

I have tested them via pcretest and can confirm same
happens outside of snort with the pcretest application.

/^SSH-\s[^\n]{200}/ism
/^CSeq\x3A\s*[^\nA-Za-z]*[A-Za-z][^\n]{16,}/smi
/\x2fnds\x2f[^&\r\n\x3b]{500}/smi

computer:~/Desktop/pcre-6.3 Nicholas$ ./pcretest
PCRE version 6.3 15-Aug-2005

re> /^CSeq\x3A\s*[^\nA-Za-z]*[A-Za-z][^\n]{16,}/smi
Bus error

computer:~/Desktop/pcre-6.3 user$ ./pcretest
PCRE version 6.3 15-Aug-2005

re> /\x2fnds\x2f[^&\r\n\x3b]{500}/smi
Bus error

a more simplistic version:

computer:~/Desktop/pcre-6.3 user$ ./pcretest
PCRE version 6.3 15-Aug-2005

re> /abc[^d]/
Bus error

Something to do with the NOT 'd' ???

Thanks

Mohclips.

[Nobody/Anonymous]

Logged In: NO

forget it, i found a newer version here that works;

ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.6.tar.gz

Mohclips.