[Snort-devel] snort crash on misconfig'd snort.conf
mnorton at ...402...
Thu Mar 16 11:50:01 EST 2006
Thanks, I will pass this info along to the right people here.
Thomas Washeim wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>testing snort I realized that it can crash if it finds a preprocessor
>rule that looks like this:
>(without the ticks of course). I know that this is not a correct rule
>but I find it quite inconvinient that snort crashes hard with a SIGSEGV.
>I attached a patch for snort 2.4.4 and one for 2.6 that I co'd from the
>current cvs tree.
>The patch also contains a suggestion how to make xlink2state/dynamic
>preprocessor smtp less greedy with memory (it uses an array of 65536 int
>values for the port configuration which is quite wasteful, it can do
>with a 32th of that).
>Please note that for 2.4.x the mini preprocessor xlink2state is one int
>short for the port list, so port 65535 cannot be activated reliably!
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.1 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>-----END PGP SIGNATURE-----
Marc Norton Snort Team Lead
More information about the Snort-devel