[Snort-devel] Parser crashed with SEGV (while trying to read from file pointer NULL :-()

Achim Gsell a at ...384...
Wed May 2 12:28:05 EDT 2001


Another SEGV in snort (version 1.8beta4build15):

Program received signal SIGSEGV, Segmentation fault.
0x400951ab in fgets () from /lib/libc.so.6
(gdb) bt
#0  0x400951ab in fgets () from /lib/libc.so.6
#1  0x8062306 in ReadLine (file=0x0) at parser.c:891
#2  0x8061e1e in ParseRuleTypeDeclaration (rule=0xbfffd43c "ruletype drop")
    at parser.c:627
#3  0x805355f in ParseRule (prule=0xbffff4ec "ruletype drop", inclevel=0)
    at rules.c:578
#4  0x8053034 in ParseRulesFile (file=0x8110da8 "/etc/ids/eth0/ids.conf", 
    inclevel=0) at rules.c:204
#5  0x804a5e0 in main (argc=5, argv=0xbffffa14) at snort.c:298
#6  0x40063a8e in __libc_start_main () from /lib/libc.so.6
(gdb) 

The problem is the recursive handling of include files:

After parsing an include file the variable "rule_file" is set to NULL at the 
end of the function "ParseRulesFiles()". But this variable *may* be used 
again in a prior level of the recursion. A quick (and dirty) fix is to set 
the variable in the while() loop again before calling a function where it may 
be used. This fix is quiet simple:

--- snort-20010501/snort/rules.c        Fri Apr 27 08:06:18 2001
+++ snort-20010501.patched/snort/rules.c        Wed May  2 17:32:50 2001
@@ -151,11 +151,11 @@
     bzero((char *) buf, STD_BUF);
 
 
-    rule_file = thefp;
-
     /* loop thru each file line and send it to the rule parser */
     while((fgets(buf, STD_BUF, thefp)) != NULL)
     {
+        rule_file = thefp;
+
         /*
          * inc the line counter so the error messages know which line to
          * bitch about

A better solution would be - in place of using a global variable like 
"rule_file" - to pass the FILE pointer as a paramter to the called functions. 
This shouldn't be very difficult. I will take a look on it later by wine and 
some cheese :-)

Achim

Achim




More information about the Snort-devel mailing list