[Snort-devel] ConfigFileSearch stat()'s with uninitialized memory

Benjamin Bennett ben at ...2914...
Thu Dec 7 15:42:58 EST 2006


It seems that since snort-2.0.0, ConfigFileSearch() mallocs space for
"$HOME/.snortrc", but doesn't actually write to that memory before
handing it to stat() as a path string.

This could potentially lead to segfault or using a config file you never
intended to, though in my tests the first byte is consistently null and
just results in $HOME/.snortrc not being used.

Attached patch is against current cvs code, it uncleanly applies and
works with 2.6.1.1

--ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort-snortrc.patch
Type: text/x-patch
Size: 866 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20061207/b0956d48/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20061207/b0956d48/attachment.sig>


More information about the Snort-devel mailing list