[Snort-devel] Segfault in 1.8.1-RELEASE in AppendOutputFuncList

Kristofer T. Karas ktk at ...820...
Mon Sep 17 18:19:02 EDT 2001

Hi Marty, et al,

Appologies in advance if this is old news.  I just uncommented the
'mysql' output plugin in snort 1.8.1-RELEASE, and was greeted with a
segfault just after the 'welcome to snort' greeting was printed.

It turns out that in SetOutputList (in rules.c), the old list (stored
either in AlertList or LogList) is free()'ed, but the list itself is not
set to NULL.  When AddFuncToOutputList is next called, it attempts to
append another link onto AlertList or LogList, which segfaults later
(it's already freed memory).

Trivial patch included.  Snort seems to be humming along nicely now...


FWIW, snort is running chrooted in a jail on a Linux 2.2.19, Slackware
7.1 platform, glibc 2.1.3, configured with "--with-mysql --with-flexresp

-------------- next part --------------
--- rules.c.orig	Wed Aug 15 01:54:35 2001
+++ rules.c	Mon Sep 17 20:56:39 2001
@@ -1473,10 +1473,12 @@
         case NT_OUTPUT_ALERT:
             prev = AlertList;
+            AlertList = NULL;
         case NT_OUTPUT_LOG:
             prev = LogList;
+            LogList = NULL;

More information about the Snort-devel mailing list