[Snort-devel] [ snort-Bugs-626991 ] snmp pkt sends snort into infinite loop

noreply at ...12... noreply at ...12...
Wed Oct 23 12:21:06 EDT 2002


Bugs item #626991, was opened at 2002-10-22 10:16
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=626991&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: snmp pkt sends snort into infinite loop

Initial Comment:
Using version 1.9.0 in IDS mode, snort processed a snmp
getnext pkt, where the pkt length was miscalculated,
sending the function ASN1Decode into an infinite
recursive loop.

While running through the debugger, line 201 of
spp_asn1.c seems to be miscalculating the next length
for the recursion, sending the 'length' variable to
something larger for every iteration:

length = (data[i] << 8 | data[i + 1]);

After 1 hour, snort had alerted 50K+ times for the same
DATUM_BAD_LENGTH alert on the same pkt.

A work around for me was to return 1; after the first
function call to
CallAlert/LogFuncs(...DATUM_BAD_LENGTH...).  Since the
pkt is already flagged for the one alert type, not sure
why the recursion is there in the first place for
further dissecting.

Thanks.




----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=103357&aid=626991&group_id=3357




More information about the Snort-devel mailing list