[Snort-devel] [ snort-Bugs-506842 ] core dumps on few ICMP echo packets

noreply at ...12... noreply at ...12...
Fri Jan 25 20:52:02 EST 2002


Bugs item #506842, was opened at 2002-01-21 23:39
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=506842&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Srinivasa Moorthy R (rsmoorthy)
Assigned to: Nobody/Anonymous (nobody)
Summary: core dumps on few ICMP echo packets

Initial Comment:
Snort core dumps on few ICMP echo packets, those which
have no optional data in the ICMP ECHO and ICMP ECHO
REPLY packets.

If you run snort with the attached file (tcpdump format
file of ICMP echo packet), like "snort -r filename -dve"
snort core dumps.

The probable fix that is listed below, helps solving the
problem.

----------------------*diff decode.c*------------------
1829a1830,1834
>             /* ICMP_HEADER_LEN is set to 8, which
includes identifier and
>              * sequence number field. So there is no
need to move the data
>              * by struct idseq again. Doing so makes
dsize to 65532, when 
>              * there was no optional data.
>              */
1831,1832c1836,1837
<             p->dsize -= sizeof(struct idseq);
<             p->data += sizeof(struct idseq);
---
>             /* p->dsize -= sizeof(struct idseq); */
>             /* p->data += sizeof(struct idseq); */
1835a1841,1845
>             /* ICMP_HEADER_LEN is set to 8, which
includes identifier and
>              * sequence number field. So there is no
need to move the data
>              * by struct idseq again. Doing so makes
dsize to 65532, when 
>              * there was no optional data.
>              */
1837c1847
<             p->dsize -= sizeof(struct idseq);   /*
add the size of the 
---
>             /* p->dsize -= sizeof(struct idseq);*/  
/* add the size of the 
1841c1851
<             p->data += sizeof(struct idseq);
---
>             /* p->data += sizeof(struct idseq); */
----------------------*diff decode.c*------------------

ICMP echo packets with no optional data is typically
sent by Windows 2000 systems to the DC (not a ping
request) to check the availability of the system.

Moorthy
(rsm at ...1089...)



----------------------------------------------------------------------

Comment By: Anders Larsen (alarsen)
Date: 2002-01-24 01:09

Message:
Logged In: YES 
user_id=158901

This bug is actually the same as #494701 that was reported
on the 18.th of december.
It hasn't been addressed, yet  :-(


----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=506842&group_id=3357




More information about the Snort-devel mailing list