[Snort-devel] Snort 1.7 SegFaults Reading a Bad Rule File
Crist J. Clark
cjclark at ...236...
Sat Jan 27 19:47:48 EST 2001
Snort 1.7 segfaults reading the rule file if whitespace immediately
follows a '!' in an address specification. For example, the following
file produces a crash,

    buttercup# cat badrule.conf
    pass tcp any any -> ! 192.168.0.0/24 any
    buttercup# ./snort -c badrule.conf -l .
    --== Initializing Snort ==--
    Initializing Network Interface ep0
    Decoding Ethernet on interface ep0
    Initializating Output Plugins!
    Initializing rule chains...

In the ParseIP routine of rules.c.
I guess you can say that whitespace is not allowed there, but Snort
should flag the error and not core dump. It took me a long time to
figure out what the problem in my rules file was when I found this
Personally, I like allowing the extra whitespace. But the easiest fix
is probably to flag it as an error. I nosed around ParseIP() and
mSplit(), but I could not decide on the most correct way to fix this
Crist J. Clark cjclark at ...235...
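
The failure mode in this report, shown as an added example that is not part of the original post and is not Snort's code: a stand-alone C parser for a negatable address token that returns an error code when '!' is followed by whitespace or by nothing, instead of reading past it. The names parse_addr_spec, struct addr_spec and the ADDR_* codes are hypothetical, and the sample tokens in main() are constructed.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { ADDR_OK = 0, ADDR_EMPTY = -1, ADDR_BARE_NOT = -2, ADDR_BAD_IP = -3, ADDR_BAD_MASK = -4 };
struct addr_spec { int negate; uint32_t ip; uint32_t mask; };  /* host byte order */

/* Parse "[!]a.b.c.d[/bits]" or "[!]any" (hypothetical helper, not Snort's ParseIP).
 * Every malformed input yields an error code; no pointer is used unchecked. */
int parse_addr_spec(const char *tok, struct addr_spec *out)
{
    char buf[32], *slash, *end;
    struct in_addr a;
    long bits = 32;

    if (tok == NULL || out == NULL || *tok == '\0') return ADDR_EMPTY;
    memset(out, 0, sizeof *out);
    if (*tok == '!') { out->negate = 1; tok++; }
    /* The reported case: '!' followed by whitespace or by the end of the token. */
    if (*tok == '\0' || isspace((unsigned char)*tok))
        return out->negate ? ADDR_BARE_NOT : ADDR_EMPTY;
    if (strcmp(tok, "any") == 0) return ADDR_OK;      /* ip 0 / mask 0 matches all */
    if (strlen(tok) >= sizeof buf) return ADDR_BAD_IP; /* too long for any IPv4 CIDR */
    strcpy(buf, tok);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash++ = '\0';
        bits = strtol(slash, &end, 10);
        if (!isdigit((unsigned char)*slash) || *end != '\0' || bits > 32) return ADDR_BAD_MASK;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return ADDR_BAD_IP;
    out->mask = bits == 0 ? 0 : 0xFFFFFFFFu << (32 - bits);
    out->ip = ntohl(a.s_addr) & out->mask;
    return ADDR_OK;
}

int main(void)
{
    const char *samples[] = { "!192.168.0.0/24", "!", "! 192.168.0.0/24", "any", "10.0.0.1/33" };
    struct addr_spec s;
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s -> %d\n", samples[i], parse_addr_spec(samples[i], &s));
    return 0;
}
```

A rule loader that splits the line on whitespace would hand such a parser the lone "!" token; reporting ADDR_BARE_NOT with the rule file's line number gives the user the diagnostic the post asks for.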