[Snort-devel] Snort 1.7 SegFaults Reading a Bad Rule File

Fyodor fygrave at ...1...
Tue Feb 6 07:49:49 EST 2001

On Sun, Jan 28, 2001 at 01:33:31PM -0500, Todd Lewis wrote:
> On Sat, 27 Jan 2001, Crist J. Clark wrote:
> > I guess you can say that whitespace is not allowed there, but Snort
> > should flag the error and not core dump. It took me a long time to
> > figure out what the problem in my rules file was when I found this
> > bug. 
> > 
> > Personally, I like allowing the extra whitespace. But the easiest fix
> > is probably to flag it as an error. I nosed around ParseIP() and
> > mSplit(), but I could not decide on the most correct way to fix this
> > behavior.
> <your eyes open to a perfectly blue sky>
> <you hear birds chirping>
> <you hear surf in the distance crashing over rocks>
> <a voice starts speaking; you do not perceive the source, but you're groggy>
> xml never segfaults...

After thinking for a while.. :) shall we maybe stick with xml as well in snort 2.x implementation? (and
just code up snort1x->snort2x rules converter). I was playing with some applications the other day,
which deploy xml heavily in its configuration files and frankly speaking I quite liked it. Plus XML should give
us enough flexebility to extend our grammar as much as we need that (and it's easy to parse too :-))

More information about the Snort-devel mailing list