[Snort-devel] [ snort-Bugs-546186 ] Core dump in portscan parse for HOME_NET

noreply at ...12... noreply at ...12...
Sat Apr 20 16:37:02 EDT 2002


Bugs item #546186, was opened at 2002-04-19 09:06
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=546186&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: Core dump in portscan parse for HOME_NET

Initial Comment:
Core dump is happened in line: 
preprocessor portscan: $HOME_NET 4 3 portscan.log

if HOME_NET have an space between [ and IP CIDR, like:

var HOME_NET [ xxx.xxx.xxx.xxx/24]


here the info from gdb explanation for core file:

(gdb) where
#0  0x0805c7be in PortscanParseIP (addr=0x80eb518 "[") 
at spp_portscan.c:1735
#1  0x0805bf57 in ParsePortscanArgs (args=0x80eb4a8 "[ 
4 3 portscan.log")
    at spp_portscan.c:1263
#2  0x0805bdf2 in PortscanInit (args=0x80eb4a8 "[ 4 3 
portscan.log")
    at spp_portscan.c:1087
#3  0x08054497 in ParsePreprocessor (
    rule=0xbfffd5b0 "preprocessor portscan: [ 4 3 
portscan.log") at rules.c:1336
#4  0x08053c07 in ParseRule (rule_file=0x80c9be0, 
    prule=0xbffff670 "preprocessor portscan: $HOME_NET 
4 3 portscan.log", inclevel=0)
    at rules.c:538
#5  0x080537cc in ParseRulesFile 
(file=0x809fb64 ".snortrc/snort.conf", inclevel=0)
    at rules.c:198
#6  0x0804a76d in main (argc=5, argv=0xbffffba4) at 
snort.c:335
#7  0x40080627 in __libc_start_main (main=0x804a340 
<main>, argc=5, ubp_av=0xbffffba4, 
    init=0x8049a60 <_init>, fini=0x8083110 <_fini>, 
rtld_fini=0x4000dcc4 <_dl_fini>, 
    stack_end=0xbffffb9c) at ../sysdeps/generic/libc-
start.c:129



----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=546186&group_id=3357




More information about the Snort-devel mailing list