AW: [Snort-devel] snort 1.8.4 build 99 dumps core when using icmp pass rules with i type set
Sandro.Poppi at ...1204...
Tue Mar 19 22:18:02 EST 2002
> > Within the pass.rules file whenever there is an itype defined it will core
> > dump. ICMP rules without the itype are parsed correctly.
> What does your itype option look like?
As you can see from the gdb output the rule is
pass icmp any any -> [xxx.xxx.xxx.xxx/32] any (msg:\"allow icmp pings\";
itype: 0, icode: 0;)
> itype; will cause snort to crash unfortunately instead of printing a
> warning. Noted and fixed.
The rules have been the same with no change for the previously installed
version 1.8.4beta1 and 1.8.4, so somewhere in between there has been that bug.
> One problem with snort right now is that the same parsing bugs can
> appear in any plugin so we've got the distributed parser problem.
> That architecture problem is on the block to be fixed.
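An added example, not part of the original message and not Snort source code: a sketch of the shared argument check that the "distributed parser problem" calls for, where an option with no argument (`itype;`) yields an error status the caller can report as a warning instead of a NULL pointer reaching a numeric conversion. The names `opt_status`, `parse_u8_arg` and `check_option` are hypothetical, and the sample option strings are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this sketch; not Snort identifiers. */
enum opt_status { OPT_OK, OPT_MISSING_ARG, OPT_BAD_NUMBER, OPT_OUT_OF_RANGE };

/* Validate the argument of an 8-bit numeric option (ICMP type and code are
 * one byte each). arg is NULL when the option had no ':' at all ("itype;"). */
enum opt_status parse_u8_arg(const char *arg, int *out)
{
    char *end;
    long v;
    if (arg == NULL)
        return OPT_MISSING_ARG;      /* never hand NULL to a converter */
    arg += strspn(arg, " \t");
    if (*arg == '\0')
        return OPT_MISSING_ARG;      /* "itype: ;" */
    errno = 0;
    v = strtol(arg, &end, 10);
    if (end == arg || errno == ERANGE)
        return OPT_BAD_NUMBER;
    end += strspn(end, " \t");
    if (*end != '\0')
        return OPT_BAD_NUMBER;       /* trailing text after the number */
    if (v < 0 || v > 255)
        return OPT_OUT_OF_RANGE;
    *out = (int)v;
    return OPT_OK;
}

/* Shared entry point: split one option (the text between two ';') at its ':'. */
enum opt_status check_option(const char *opt, int *out)
{
    const char *colon = strchr(opt, ':');
    return parse_u8_arg(colon ? colon + 1 : NULL, out);
}

int main(void)
{
    /* Constructed option strings, as left after splitting a rule on ';'. */
    const char *samples[] = { "itype: 0", "itype", "itype: 0, icode: 0", "icode: 300" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = -1;
        printf("%-20s -> status %d\n", samples[i], (int)check_option(samples[i], &v));
    }
    return 0;
}
```

Because every plugin would call the same validator, a fix for one malformed-argument case applies to all numeric options at once.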