[Snort-devel] Three bugs ?

James Hoagland hoagland at ...60...
Thu Jan 25 15:14:17 EST 2001

>2) spp_anomsensor.c: PreprocSpadeSurvey()/free_links()    Missing NULL check
>This function can call (for example, on a very quiet network) free_links()
>with a NULL pointer, which causes an immediate SEGV (in free_links()).  It is
>either possible to add a check for NULL into free_links() (which should be
>more suitable), or you can check for NULL just in PreprocSpadeSurvey()
>(I have not checked other calls to free_links(), but it is possible that
>they can cause a similar problem).

Good catch Peter.  It seems this could happen.  (This is the only 
free_links() call with the problem BTW.)

So, if anyone is running Spade with survey mode on (I didn't think 
anyone was), you might want to use the patched version.  If you get 
no TCP SYNs to your homenet during a certain time interval (1 hour 
long by default), snort will probably segfault.


|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...60...                *|
|*              http://www.silicondefense.com/              *|
|*  Voice: (530) 756-7317              Fax: (707) 445-4222  *|
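
The first fix suggested in the quoted report, putting the NULL check inside free_links() itself, sketched as an added example (not Spade's actual code and not from this thread). The `struct link` layout, `add_link()` and `survey_interval()` are hypothetical stand-ins for the survey code, which the thread does not show.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical list node; Spade's real structure is not shown in the thread. */
struct link { double value; struct link *next; };

/* Push one observation onto the front of the list; returns the new head. */
static struct link *add_link(struct link *head, double value)
{
    struct link *n = malloc(sizeof *n);
    if (n == NULL)
        return head;              /* allocation failed: keep the list as is */
    n->value = value;
    n->next = head;
    return n;
}

/* Free the whole list and return how many nodes were released.
 * The loop condition is the NULL check: an empty list (head == NULL)
 * falls straight through instead of being dereferenced. */
static int free_links(struct link *head)
{
    int freed = 0;
    while (head != NULL) {
        struct link *next = head->next;   /* read next before free() */
        free(head);
        head = next;
        freed++;
    }
    return freed;
}

/* Hypothetical end-of-interval survey: list the SYNs seen, then release
 * the list. n_syns == 0 models the quiet network (head stays NULL). */
static int survey_interval(const double *syn_times, int n_syns)
{
    struct link *head = NULL;
    for (int i = 0; i < n_syns; i++)
        head = add_link(head, syn_times[i]);
    return free_links(head);
}

int main(void)
{
    const double constructed[] = { 0.5, 12.0, 47.25 };  /* constructed sample */
    printf("busy interval freed %d\n", survey_interval(constructed, 3));
    printf("quiet interval freed %d\n", survey_interval(NULL, 0));
    return 0;
}
```

Guarding inside the free routine covers every caller at once, which matters when not all call sites have been audited.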
