[Snort-devel] SIGSEGV in spp_defrag
a at ...384...
Fri Apr 20 05:05:21 EDT 2001
The following patch fixes a bug in the defragment preprocessor (all versions
up to the CVS version of April 19th):
--- snort-20010419/snort/spp_defrag.c Tue Jan 2 09:06:01 2001
+++ snort-20010419.patched/snort/spp_defrag.c Fri Apr 20 10:19:37 2001
@@ -933,9 +933,9 @@
mem_freed += freetemp->caplen + overhead + 20;
+ froot = fragdelete(froot->key, froot);
fragmemuse -= freetemp->caplen + overhead + 20;
- froot = fragdelete(froot->key, froot);
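Review bot: in the patched order the `fragmemuse -= freetemp->caplen + overhead + 20;` line now runs after `froot = fragdelete(froot->key, froot);`, so if fragdelete releases the node that freetemp points to, that read is itself a use-after-free in a new place. Compute the cost once into a local before the call, e.g. `size_t cost = freetemp->caplen + overhead + 20;`, and use it for both `mem_freed` and `fragmemuse`. The hunk header claims 9 lines per side but only four are shown; the omitted context (where freetemp's memory is released) is what would confirm which ordering is safe, so please include it.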
Without the patch the memory pointed to by "freetemp" is referenced in
"fragdelete(..)" after it is already released. This may work if the memory
hasn't already been released to the OS.
I tested it on Linux 2.2.17 and Linux 2.4.3. With the old kernel the unpatched
binary runs fine, but it crashes with a SIGSEGV running on the same
system with Linux 2.4.3.
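The ordering discipline the patch is after, as an added example in C that is not Snort's code: a toy fragment list whose names (FragNode, fragadd, fragdelete, prune, the overhead constant) are assumed for illustration, in which every field of a node is read into a local before the call that frees it, so the accounting never touches released memory.

```c
#include <stdlib.h>

typedef struct FragNode {
    unsigned int key;
    size_t caplen;                 /* captured bytes held by this fragment */
    struct FragNode *next;
} FragNode;

static const size_t overhead = 48;  /* assumed per-fragment bookkeeping cost */
static size_t fragmemuse = 0;       /* bytes currently charged to the defragger */

/* Unlink and free the node with this key; returns the new head.
 * Once this returns, the removed node must never be touched again. */
static FragNode *fragdelete(unsigned int key, FragNode *root)
{
    FragNode **pp = &root;
    while (*pp && (*pp)->key != key)
        pp = &(*pp)->next;
    if (*pp) {
        FragNode *victim = *pp;
        *pp = victim->next;
        free(victim);
    }
    return root;
}

/* Insert a fragment at the head and charge its memory (constructed sample data). */
static FragNode *fragadd(unsigned int key, size_t caplen, FragNode *root)
{
    FragNode *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->key = key; n->caplen = caplen; n->next = root;
    fragmemuse += caplen + overhead + 20;
    return n;
}

/* Release fragments from the head until `need` bytes are freed; returns bytes freed.
 * The post describes freetemp's memory being referenced after it was released, a
 * use-after-free that only crashes once the allocator reuses or unmaps the page.
 * Rule applied here: read every field, then free, then never touch the node. */
static size_t prune(FragNode **froot, size_t need)
{
    size_t mem_freed = 0;
    while (*froot && mem_freed < need) {
        FragNode *freetemp = *froot;
        size_t cost = freetemp->caplen + overhead + 20;  /* read before free */
        mem_freed += cost;
        fragmemuse -= cost;
        *froot = fragdelete(freetemp->key, *froot);     /* freetemp dies here */
        freetemp = NULL;                                /* no dangling reuse */
    }
    return mem_freed;
}
```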