[Snort-devel] Three bugs ?
hoagland at ...60...
Thu Jan 25 15:14:17 EST 2001
>2) spp_anomsensor.c: PreprocSpadeSurvey()/free_links() Missing NULL check
>This function can call (for example, on a very quiet network) free_links()
>with NULL pointer, which causes immediate SEGV (in free_links()). It is
>either possible to add check for NULL into free_links() (which should be
>more suitable), or you can check for NULL just in PreprocSpadeSurvey()
>(I have not checked other calls to free_links(), but it is possible that
>they can cause similar problem).
Good catch Peter. It seems this could happen. (This is the only
free_links() call with the problem BTW.)
So, if anyone is running Spade with survey mode on (I didn't think
anyone was), you might want to use the patched version. If you get
no TCP SYNs to your homenet during a certain time interval (1 hour
long by default), snort will probably segfault.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...60... *|
|* http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (707) 445-4222 *|
More information about the Snort-devel