[Snort-devel] easily fixable bug in unixsock code to report

Christine E. Jones cej at ...408...
Wed May 2 15:37:48 EDT 2001


I have an x86 machine running FreeBSD 4.2 on which I am using Snort-1.7
with the alert option set to unix sockets (-A unsock).

BUG:  

An alert causes a segmentation fault.

FIX:  

The function SpoAlertUnixSock() within the source file 
spo_alert_unixsock.c contains the following line of code:

bcopy((const void *)msg, (void *)alertpkt.alertmsg, strlen(msg) > 255 ?
256: strlen(msg)+1);

However, the strlen() function coredumps if msg is null. The fix is simply
to make sure that msg != null prior to calling this line of code.

Thanks,

Christine Jones
BBN Technologies
cej at ...409...
617-873-3517
 





More information about the Snort-devel mailing list