[Snort-devel] snort crash on misconfig'd snort.conf

Marc Norton mnorton at ...402...
Thu Mar 16 11:50:01 EST 2006

Thanks, I will pass this info along to the right people here.

Thomas Washeim wrote:

>Hello *,
>testing snort I realized that it can crash if it finds a preprocessor
>rule that looks like this:
>(without the ticks of course). I know that this is not a correct rule
>but I find it quite inconvenient that snort crashes hard with a SIGSEGV.
>I attached a patch for snort 2.4.4 and one for 2.6 that I co'd from the
>current cvs tree.
>The patch also contains a suggestion how to make xlink2state/dynamic
>preprocessor smtp less greedy with memory (it uses an array of 65536 int
>values for the port configuration which is quite wasteful, it can do
>with a 32nd of that).
>Please note that for 2.4.x the mini preprocessor xlink2state is one int
>short for the port list, so port 65535 cannot be activated reliably!

Marc Norton      Snort Team Lead
Sourcefire,Inc   410-423-1924
www.snort.org    www.sourcefire.com 
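
Added example, not part of the thread and not taken from the attached patches or the Snort source: a port set stored as one bit per port, which is the 32-fold saving the quoted message describes, with the array sized so that port 65535 is addressable and with malformed list tokens rejected rather than used as an index. The names port_set, port_set_add, port_set_has and port_set_parse are hypothetical, and the whitespace-separated list syntax is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORTS  65536u             /* valid ports are 0..65535 */
#define PORT_WORDS (MAX_PORTS / 32u)  /* 2048 words = 8 KiB vs 256 KiB of 4-byte ints */

typedef struct { uint32_t bits[PORT_WORDS]; } port_set;  /* hypothetical type */

/* Returns 0 on success, -1 if the port is outside 0..65535. */
int port_set_add(port_set *ps, long port)
{
    if (ps == NULL || port < 0 || port >= (long)MAX_PORTS)
        return -1;
    ps->bits[port / 32] |= (uint32_t)1 << (port % 32);
    return 0;
}

/* Returns 1 if the port is enabled, 0 otherwise (including out of range). */
int port_set_has(const port_set *ps, long port)
{
    if (ps == NULL || port < 0 || port >= (long)MAX_PORTS)
        return 0;
    return (ps->bits[port / 32] >> (port % 32)) & 1u;
}

/* Parse a whitespace-separated list such as "25 587 65535" (assumed syntax).
 * Returns the number of ports set, or -1 on a malformed or out-of-range
 * token; the set is left empty on failure. ps and list must be non-NULL. */
int port_set_parse(port_set *ps, const char *list)
{
    int count = 0;
    memset(ps, 0, sizeof *ps);
    for (;;) {
        char *end;
        list += strspn(list, " \t");
        if (*list == '\0')
            return count;
        errno = 0;
        long port = strtol(list, &end, 10);
        if (end == list || errno == ERANGE || (*end && !strchr(" \t", *end)) ||
            port_set_add(ps, port) != 0) {
            memset(ps, 0, sizeof *ps);
            return -1;
        }
        list = end;
        count++;
    }
}
```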
