[Snort-devel] Snort bug in Xref handling

Robert A. Seace ras at ...1851...
Mon Mar 10 06:07:09 EST 2003


	Below is a small patch that fixes a bug with snort 1.9.1's
cross-reference handling...  The first change isn't part of
the problem, but it's a bug, anyway...  (It's checking for
"system" being NULL, but there is no variable named "system",
so it's actually checking the glibc system(), which will of
course never be NULL...  Of course, what it wants to check
is "name"...)  The second change is the big one, though: it's
throwing away all newly added reference system nodes, because
it resets the head of the list to what it already was (NULL),
instead of the newly added node...

	This manifested itself in the Xref info always being
printed as "url <blah>" or "cve <blah>" instead of actually
printing "http://<full_xref_url>"...  It irritated me enough
to track down the problem... ;-)

	Anyway, I figured you'd want to know, so you can make
the fix in the official source, too...  I wasn't sure where
to send such things to, so I hope this is the right place...
If anyone wants to reply, please reply directly, because I'm
not on this list...

-- 
||========================================================================||
||    Rob Seace    ||               URL              || ras at ...1851... ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob at ...1852... ||
||========================================================================||
"Go bang your heads together, four-eyes."
        - The Restaurant at the End of the Universe
***************************** Cut Here **************************************
--- snort.orig/src/signature.c	Fri Mar  7 15:55:10 2003
+++ snort/src/signature.c	Fri Mar  7 15:43:45 2003
@@ -114,7 +114,7 @@
 ReferenceSystemNode *ReferenceSystemAdd(char *name, char *url)
 {   
     ReferenceSystemNode *newNode;
-    if(system == NULL)
+    if(name == NULL)
     {
         ErrorMessage("WARNING: NULL reference system name\n");
         return NULL;
@@ -135,7 +135,7 @@
 
     /* add to the list */
     newNode->next = referenceSystems;
-    referenceSystems = newNode->next;
+    referenceSystems = newNode;
     return newNode;
 }
 




More information about the Snort-devel mailing list