[Snort-devel] defrag causes segfaults in cvs,beta5 version

Chris Green cmg at ...81...
Tue Nov 28 10:17:08 EST 2000


It dies on line 821 of spp_defrag.c, the first time it enters this
branch of code using libpcap 0.5.2 by trying to free the same memory
twice.

In fragdelete(), free(t->key) is freeing the location freetemp points
to.  Then on the access to freetemp->pkth, it segfaults.

I need to get more familiar with the code before I start banging
changes.

spp_defrag.c:
if(TIME_LT(timecheck. , p->pkth->ts.))
                {
                    fragmemuse -= froot->key->pkth->caplen + sizeof(Packet);
                    freetemp = froot->key;
[...]
                    froot = fragdelete(froot->key, froot);
                    free(freetemp->pkth);  /* free packet copy */
                    free(freetemp);
                    fragsweep--;
                }

-- 
Chris Green <cmg at ...81...>
"When the going gets weird, the weird turn pro..."
                            -- Hunter S. Thompson
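
Added example, not part of the original post and not Snort's code: a minimal C model of the ownership problem described above, where the delete routine releases the key and the caller then releases it again. The types, release(), frag_delete() and sweep() are hypothetical stand-ins, and release() quarantines blocks instead of calling free() so the second release is counted rather than corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the structures named in the post. */
typedef struct { unsigned caplen; } PktHdr;
typedef struct { PktHdr *pkth; } Packet;
typedef struct Node { Packet *key; } Node;

/* Quarantine instead of free(): blocks stay readable (and are never returned
 * to the heap in this demo), so a repeated release is counted, not fatal. */
static void *released[8];
static int nreleased, double_frees;

static void release(void *p) {
    for (int i = 0; i < nreleased; i++)
        if (released[i] == p) { double_frees++; return; }
    released[nreleased++] = p;
}

/* Like the fragdelete() described in the post: it releases the node's key. */
static void frag_delete(Node *n) { release(n->key); release(n); }

static Node *make_node(void) {
    Node *n = calloc(1, sizeof *n);
    if (!n || !(n->key = calloc(1, sizeof *n->key)) ||
        !(n->key->pkth = calloc(1, sizeof *n->key->pkth))) abort();
    return n;
}

/* One sweep step; returns how many double releases it caused.
 * caller_frees_key=1 is the order in the post, 0 leaves key to the delete. */
int sweep(int caller_frees_key) {
    Node *root = make_node();
    Packet *freetemp = root->key;
    PktHdr *hdr = freetemp->pkth;      /* read while key is still live */
    nreleased = double_frees = 0;
    frag_delete(root);                 /* key is released in here */
    release(hdr);                      /* packet copy, not owned by the delete */
    if (caller_frees_key)
        release(freetemp);             /* second release of the same block */
    return double_frees;
}

int main(void) {
    printf("posted order: %d, single owner: %d\n", sweep(1), sweep(0));
    return 0;
}
```

With a real free(), the posted order would also read freetemp->pkth from already-freed memory; the model reads it before the delete so the demo stays well defined.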


