[Snort-devel] another snort-1.8-RELEASE core

Jason A. Haynes jahaynes at ...502...
Sun Jul 15 16:28:23 EDT 2001




I'd say that's a good call, Mike; saw a couple crashes reported on
snort-users about that assertion too.  Here's a patch against the current
cvs which I think NULLs out the remaining two cases, including the one you
found.


-- 
Hey, if you can't remember when you booted it, it ain't
windoze.                                - CyberPeasant

On Wed, 11 Jul 2001, Michael Anderson wrote:

> I just got another core dump with snort-1.8-RELEASE. My backtrace looks
> like this:
> (gdb) bt
> #0  0x4020f4e1 in __kill () from /lib/libc.so.6
> #1  0x4020f2ba in raise (sig=6) at ../sysdeps/posix/raise.c:27
> #2  0x40210a82 in abort () at ../sysdeps/generic/abort.c:88
> #3  0x40208eba in __assert_fail () at assert.c:60
> #4  0x805603f in Preprocess (p=0xbffff3b0) at rules.c:3427
> #5  0x804baab in ProcessPacket (user=0x0, pkthdr=0xbffff870,
> <snip!>
> 
> I took a look at the code and found that snort crashed while trying to
> do the following in rules.c line 3426:
> assert(idx->func != NULL);
> 
> idx is a pointer to the list PreprocessFuncNode. idx is set to point to
> the global list PreprocessList (a list containing all of the
> preprocessor functions). The list is then traversed to call each
> preprocessor function. It appears that at some point while traversing
> the list, the func attribute is NULL causing the assertion to fail. I
> added the following line to the AddFuncToPreprocList in rules.c after
> line number 1370:
> idx->next = NULL;
> 
> I'm assuming the crash was caused because pointers are not being
> initialized to NULL and at some point snort is accessing random memory
> while trying to read the list.  I've had snort up and running for 3
> hours since I made this change.

-------------- next part --------------
Index: rules.c
===================================================================
RCS file: /cvsroot/snort/snort/rules.c,v
retrieving revision 1.74
diff -U5 -d -w -u -r1.74 rules.c
--- rules.c	2001/07/08 23:27:43	1.74
+++ rules.c	2001/07/15 20:14:33
@@ -1365,10 +1365,11 @@
 
         idx->next = (PreprocessFuncNode *) calloc(sizeof(PreprocessFuncNode), sizeof(char));
 
         idx = idx->next;
         idx->func = func;
+        idx->next = NULL;
     }
 
     return;
 }
 
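Review bot: the added `idx->next = NULL;` after `idx->func = func;` stores a value the node already holds, because the node comes from calloc(), which returns zero-filled memory (a zero-filled pointer is NULL on the Linux/glibc system shown in the backtrace). The line is fine as documentation of intent, but it does not by itself explain a node whose `func` is NULL. Since the failing check is `assert(idx->func != NULL)`, consider also rejecting a NULL `func` argument here at insertion time, and checking the calloc() return value before `idx = idx->next;` dereferences it.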
@@ -1535,10 +1536,11 @@
     if(idx == NULL)
     {
         idx = (OutputFuncNode *) calloc(sizeof(OutputFuncNode), sizeof(char));
         idx->func = func;
         idx->arg = arg;
+        idx->next = NULL;
         list = idx;
     }
     else
     {
         while(idx->next != NULL)
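Review bot: the calloc() result in the `idx == NULL` branch is used without a check. `idx->func = func;`, `idx->arg = arg;` and the new `idx->next = NULL;` all dereference it, so an allocation failure turns into a NULL-pointer crash. Suggest testing the return value and failing with a clear error before the first store. The arguments are also in an unusual order: `calloc(1, sizeof(OutputFuncNode))` is the conventional form for allocating one node.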
@@ -1546,10 +1548,11 @@
 
         idx->next = (OutputFuncNode *) calloc(sizeof(OutputFuncNode), sizeof(char));
         idx = idx->next;
         idx->func = func;
         idx->arg = arg;
+        idx->next = NULL;
     }
 
     idx->next = NULL;
 
     return list;
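Review bot: the `idx->next = NULL;` added at the end of the else branch duplicates the unconditional `idx->next = NULL;` that already follows the if/else two lines below, so it has no effect. The same holds for the line added in the `idx == NULL` branch in the previous hunk. Suggest either dropping both additions in this function, or removing the trailing assignment and keeping the per-branch ones, so that the node is terminated in exactly one place.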

