[Snort-devel] easily fixable bug in unixsock code to report

Christine E. Jones cej at ...408...
Wed May 2 15:37:48 EDT 2001

I have an x86 machine running FreeBSD 4.2 on which I am using Snort-1.7
with the alert option set to unix sockets (-A unsock).


An alert causes a segmentation fault.


The function SpoAlertUnixSock() within the source file 
spo_alert_unixsock.c contains the following line of code:

bcopy((const void *)msg, (void *)alertpkt.alertmsg, strlen(msg) > 255 ?
256: strlen(msg)+1);

However, the strlen() function coredumps if msg is null. The fix is simply
to make sure that msg != null prior to calling this line of code.


Christine Jones
BBN Technologies
cej at ...409...

More information about the Snort-devel mailing list