[Snort-devel] [ snort-Bugs-420109 ] Segfault in fragcompare (snort-1.7)

Martin Roesch roesch at ...402...
Tue May 1 11:18:18 EDT 2001


In theory, although I'm still not entirely happy with the compare
functions in the defragger, they're somewhat unsafe (don't check for
p->iph before testing IPHdr elements).  I'm hoping to do some more
cleanup in here soon (before 1.8).

    -Marty

Fyodor wrote:
> 
> >
> > Arch/OS: x86 running BSD/OS 4.1
> > Snort-version: 1.7
> > Rules: Distributed with 1.7
> >
> > snort -c <path-to>/ids/snort/snort.conf
> > (snort.conf is a copy of the one distributed with
> > HOME_NET set and "preprocessor portscan-ignorehosts:
> > $HOME_NET $DNS_SERVERS"  added.
> >
> > I got a lot of
> > [**] Incomplete Packet Fragments Discarded [**]
> > from my HOME_NET (cause NFS)
> >
> > Core backtrace (will keep corefile ask me if you need
> > more info)
> >
> > Program terminated with signal 11, Segmentation fault.
> > #0  0x805a0fa in fragcompare (i=0x84ad800, j=0x84ad800)
> > at spp_defrag.c:171
> > 171         if(SADDR(i) > SADDR(j))
> > (gdb) bt
> > #0  0x805a0fa in fragcompare (i=0x84ad800, j=0x84ad800)
> > at spp_defrag.c:171
> 
> if my memory doesn't fail, we should have this bug fixed already, I believe.
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch
roesch at ...48...
http://www.snort.org




More information about the Snort-devel mailing list