[Snort-devel] I think I got it

Phil Wood cpw at ...86...
Mon Jul 30 18:52:00 EDT 2001


Folks,

When stream4 has cause to DeleteSession, it does not reset p->ssnptr.

The fix for this particular instance of p->ssnptr hanging around after
a DeleteSession is easy:

*** snort/spp_stream4.c Tue Jul 24 08:50:21 2001
--- snort+/spp_stream4.c        Mon Jul 30 16:41:46 2001
***************
*** 1258,1261 ****
--- 1258,1262 ----
              DebugMessage(DEBUG_STREAM, "Dumping session\n");
              DeleteSession(ssn, p->pkth->ts.tv_sec);
+             p->ssnptr = 0;
          }
  

However, there are other calls on DeleteSession which may or may not be
relevant to the state of p->ssnptr and p->ssnptr is not available.  Maybe
it should be passed down so that DeleteSession can zero it when it frees
the memory.

In any event, we can say it isn't spo_database.c.  But, that routine could use
a makeover in the [cm]alloc department [no checking on success or failure
of same].  It would be nice to have a cleanup routine to call when a
critical resource is exhausted in some plugin so that snort could die
gracefully, flushing some buffers (like libpcap has hanging around).

Thanks,

Phil




More information about the Snort-devel mailing list