[Snort-devel] 2 classifications rule causes segfault

Chris Green cmg at ...81...
Wed May 9 17:19:20 EDT 2001


from policy.rules - the blah's are edited

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"INFO FTP anonymous
FTP"; content:"anonymous"; nocase; flags:A+; classtype:not-suspicious;
classtype:not-suspicious;)

#0  chunk_alloc (ar_ptr=0x8172e20, nb=16) at malloc.c:2893
#1  0x80fe6cf in __libc_malloc (bytes=3) at malloc.c:2714
#2  0x804f82c in mSplit (
    str=0xbfffab88 "alert tcp ![blah] any -> [blah] 21 (msg:\"FTP MKD  / - possible warez site\"; flags: A+; content:\"MKD / \"; nocase; depth: 6; classtype:bad-unknown;)", sep=0x813ffc2 " ", max_strs=9, toks=0xbfffab34, 
    meta=0 '\000') at mstring.c:152
#3  0x80503f3 in ParseRule (rule_file=0x819a300, 
    prule=0xbfffcc48 "alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:\"FTP MKD  / - possible warez site\"; flags: A+; content:\"MKD / \"; nocase; depth: 6; classtype:bad-unknown;) ", inclevel=1) at rules.c:436
#4  0x805006c in ParseRulesFile (file=0x84d99b0 "policy.rules", inclevel=1) at rules.c:200
#5  0x8050470 in ParseRule (rule_file=0x8198c68, prule=0xbffff198 "include policy.rules", inclevel=0) at rules.c:525
#6  0x805006c in ParseRulesFile (file=0x817c328 "etc/snort/snort.conf", inclevel=0) at rules.c:200
#7  0x80485f9 in main (argc=14, argv=0xbffff6cc) at snort.c:298
#8  0x80e5d72 in __libc_start_main (main=0x80481dc <main>, argc=14, ubp_av=0xbffff6cc, init=0x80480b4 <_init>, 
    fini=0x813c0e0 <_fini>, rtld_fini=0, stack_end=0xbffff6c4) at ../sysdeps/generic/libc-start.c:129

-- 
Chris Green <cmg at ...81...>
A good pun is its own reword.
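
A pre-load check for the condition in this report, as an added example that is not part of the original post and is not Snort code: it scans rule text for any rule that repeats the classtype option. The function names, the constructed sample rules and the treatment of classtype as a once-per-rule option are assumptions.

```python
from collections import Counter

def split_options(body):
    """Split a rule's option body into (name, value) pairs. Double quotes and
    backslash escapes are honoured, so ';' inside content:"..." ends nothing."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body + ";":                  # trailing ';' flushes the last option
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            name, _, value = "".join(cur).strip().partition(":")
            if name.strip():
                opts.append((name.strip().lower(), value.strip()))
            cur = []
            continue
        cur.append(ch)
    return opts

def find_repeated(rules_text, single=("classtype",)):
    """Return (first_line_no, option, count) for each rule repeating an option
    named in `single`. Only classtype comes from the report; extend as needed."""
    findings, logical, start = [], "", 0
    for no, raw in enumerate(rules_text.splitlines(), 1):
        start = start if logical else no   # remember where a multi-line rule began
        line = raw.rstrip()
        if line.endswith("\\"):            # backslash continuation of a rule
            logical += line[:-1] + " "
            continue
        rule, logical = (logical + line).strip(), ""
        if rule.startswith("#") or "(" not in rule:
            continue                       # comments, includes, blank lines
        open_at, close_at = rule.index("("), rule.rfind(")")
        body = rule[open_at + 1:(close_at if close_at > open_at else len(rule))]
        counts = Counter(name for name, _ in split_options(body))
        findings += [(start, o, counts[o]) for o in single if counts[o] > 1]
    return findings

SAMPLE = r'''# constructed sample file; the first rule is the one quoted in the report
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"INFO FTP anonymous FTP"; content:"anonymous"; nocase; flags:A+; classtype:not-suspicious; classtype:not-suspicious;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP MKD  / - possible warez site"; flags: A+; content:"MKD / "; nocase; depth: 6; classtype:bad-unknown;)
alert tcp any any -> any 80 (msg:"constructed; classtype:a; classtype:b"; \
    classtype:bad-unknown;)
'''
if __name__ == "__main__": print(find_repeated(SAMPLE))
```

Run over a rules file before starting Snort, a non-empty result points at the line of each rule to fix.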



