[Snort-devel] core dump reading config file (patch incl.)

Joe McAlerney joey at ...63...
Tue Feb 13 20:22:10 EST 2001


This was posted in a forum.  He provided a patch to fix it up.

8<....................................................

in my snort.conf file i had the line:
output alert_full:

it caused snort to core dump as follows:
------snip------
(gdb) bt
#0 0x4023a74d in ?? ()
#1 0x805cd65 in ProcessFileOption (filespec=0x0) at parser.c:58
#2 0x805d6b4 in ParseFullAlertArgs (args=0x8091620 "") at spo_alert_full.c:138
#3 0x805d616 in FullAlertInit (args=0x8091620 "") at spo_alert_full.c:88
#4 0x8052b8d in ParseOutputPlugin (rule=0xbffff120 "output alert_full:") at rules.c:1265
#5 0x80522d3 in ParseRule (prule=0xbffff560 "output alert_full:", inclevel=0) at rules.c:403
#6 0x8051f97 in ParseRulesFile (file=0x80878dc "/usr/local/snort/snort_gwc.conf", inclevel=0) at rules.c:144
#7 0x804b56a in main (argc=4, argv=0xbffffa94) at snort.c:258
#8 0x401d6a2c in ?? ()
(gdb)

------snip------

removing the : at the end of the command fixed the problem, but it was
not clear in the documentation that the colon should only be used when
specifying an output filename.

i added the following patch to my snort copy (pay no attention to my
file dates, this is 1.07 ;-( )
-----snip----
--- parser.c.orig Tue Feb 13 16:02:45 2001
+++ parser.c Tue Feb 13 15:59:51 2001
@@ -54,6 +54,10 @@
char *filename;
char buffer[STD_BUF];

+ if(!filespec)
+ {
+ FatalError("ERROR: no fileoptions arg, remove the extra ':' at end of
the alert
option?\n");
+ }
/* look for ".." in the string and complain and exit if it is found */
if(strstr(filespec, "..") != NULL)
{
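Review bot: the FatalError string in the added block is wrapped across three lines in the mail ("... at end of", "the alert", "option?\n"), so the hunk will neither apply nor compile as posted; rejoin it into a single literal. The message also blames "the alert option", but the guard sits in ProcessFileOption, which only sees filespec and cannot know which output directive supplied it; word it generically or have the caller (ParseFullAlertArgs in the backtrace) report the directive. The guard tests only for NULL, and the strstr(filespec, "..") that follows it depends on FatalError not returning, which deserves a one-line comment.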
-----snip---- 

-- 
___cliff rayman___cliff at ...274...://www.genwax.com/

.................................................................>8
-- 
+--                            --+
| Joe McAlerney, Silicon Defense |
| http://www.silicondefense.com/ |
+--                            --+
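
The failure reported above, as an added example that is not part of the original post or of Snort's source: a stand-alone check that classifies the file argument of an `output` line before any string function sees it. The function and enum names are hypothetical, and treating a line with no colon as "use the default file" is an assumption drawn from the report that removing the colon fixed the crash.

```c
/* Added illustration, not Snort source; every name here is hypothetical. */
#include <stdio.h>
#include <string.h>

enum fileopt { FILEOPT_OK, FILEOPT_DEFAULT, FILEOPT_MISSING, FILEOPT_TRAVERSAL };

/* Classify the file argument of an "output <plugin>[: <file>]" line.
 * On FILEOPT_OK, *file points at the argument inside `line`. */
enum fileopt check_output_line(const char *line, const char **file)
{
    const char *p;

    *file = NULL;
    if (line == NULL)
        return FILEOPT_MISSING;
    p = strchr(line, ':');
    if (p == NULL)
        return FILEOPT_DEFAULT;        /* no colon: assumed default file */
    for (p++; *p == ' ' || *p == '\t'; p++)
        ;                              /* skip blanks after the colon */
    if (*p == '\0')
        return FILEOPT_MISSING;        /* "output alert_full:" from the report */
    if (strstr(p, "..") != NULL)
        return FILEOPT_TRAVERSAL;      /* same ".." test as the patched function */
    *file = p;
    return FILEOPT_OK;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real snort.conf. */
    static const char *samples[] = {
        "output alert_full",
        "output alert_full:",
        "output alert_full:   ",
        "output alert_full: alert.full",
        "output alert_full: ../../etc/alert",
    };
    static const char *names[] = { "ok", "default", "missing", "traversal" };
    const char *file;
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum fileopt r = check_output_line(samples[i], &file);
        printf("%-40s -> %s\n", samples[i], names[r]);
    }
    return 0;
}
```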



