[Snort-devel] Stream4/Stream5 conf parser fixes

Joel Ebrahimi jebrahimi at ...2280...
Tue Jul 24 02:42:24 EDT 2007


Some of the options when not properly configured in  Stream5 and Stream4 cause segfaulting.
This is similar to some of the fixes made before. Not a big deal as the segfaulting is happening as the conf is parsed, but this will prevent that and display messages useful to the user as to where they went wrong.
 
diff -Naur snort-2.7.0-old/src/preprocessors/spp_stream4.c snort-2.7.0/src/preprocessors/spp_stream4.c
--- snort-2.7.0-old/src/preprocessors/spp_stream4.c 2007-07-03 14:41:46.000000000 -0600
+++ snort-2.7.0/src/preprocessors/spp_stream4.c 2007-07-24 00:04:29.000000000 -0600
@@ -1151,7 +1151,15 @@
         }
         else if(!strcasecmp(stoks[0], "timeout"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1])
+            {
+                LogMessage("WARNING %s(%d) => Missing timeout in config file, "
+                           "defaulting to %d seconds\n", file_name, file_line, 
+                           PRUNE_QUANTA);
+
+                s4data.timeout = PRUNE_QUANTA;
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.timeout = atoi(stoks[1]);
             }
@@ -1166,7 +1174,12 @@
         }
         else if(!strcasecmp(stoks[0], "memcap"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                FatalError("%s(%d) => Missing memcap in config file\n",
+                           file_name, file_line);
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.memcap = atoi(stoks[1]);
 
@@ -1181,13 +1194,18 @@
             }
             else
             {
-                FatalError("%s(%d) => Bad memcap in config file, %d\n",
+                FatalError("%s(%d) => Bad memcap in config file\n",
                            file_name, file_line);
             }
         }
         else if(!strcasecmp(stoks[0], "max_sessions"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1])
+            {
+                FatalError("%s(%d) => Missing max_sessions in config file\n",
+                           file_name, file_line);
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.max_sessions = atoi(stoks[1]);
 
@@ -1202,8 +1220,8 @@
             }
             else
             {
-                FatalError("%s(%d) => Bad max_sessions in config file, %d\n",
-                           file_name, file_line);
+                FatalError("%s(%d) => Bad max_sessions in config file\n",
+                           file_name, file_line]);
             }
         }
 #ifdef STREAM4_UDP
@@ -1213,7 +1231,12 @@
         }
         else if(!strcasecmp(stoks[0], "max_udp_sessions"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                FatalError("%s(%d) => Missing max_udp_sessions in config file\n",
+                           file_name, file_line);
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.max_udp_sessions = atoi(stoks[1]);
 
@@ -1228,7 +1251,7 @@
             }
             else
             {
-                FatalError("%s(%d) => Bad max_udp_sessions in config file, %d\n",
+                FatalError("%s(%d) => Bad max_udp_sessions in config file\n",
                            file_name, file_line);
             }
         }
@@ -1262,7 +1285,12 @@
 #endif
         else if(!strcasecmp(stoks[0], "cache_clean_sessions"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                FatalError("%s(%d) => Missing cache cleanup value in "
+                           "config file\n", file_name, file_line);
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.cache_clean_sessions = atoi(stoks[1]);
                 if (s4data.cache_clean_sessions < 1)
@@ -1278,7 +1306,6 @@
             {
                 FatalError("%s(%d) => Bad cache cleanup value in "
                            "config file\n", file_name, file_line);
-
             }
         }
         else if(!strcasecmp(stoks[0], "ttl_limit"))
@@ -1312,7 +1339,15 @@
         }
         else if(!strcasecmp(stoks[0], "self_preservation_threshold"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                LogMessage("WARNING %s(%d) => Missing sp_threshold in config file, "
+                           "defaulting to %d new sessions/second\n", file_name, 
+                           file_line, SELF_PRES_THRESHOLD);
+
+                s4data.sp_threshold = SELF_PRES_THRESHOLD;
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.sp_threshold = atoi(stoks[1]);
             }
@@ -1327,11 +1362,20 @@
         }
         else if(!strcasecmp(stoks[0], "self_preservation_period"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1])   
+            {
+                LogMessage("WARNING %s(%d) => Missing sp_period in config file, "
+                           "defaulting to %d seconds\n", file_name, file_line, 
+                           SELF_PRES_PERIOD);
+
+                s4data.sp_period = SELF_PRES_PERIOD;
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.sp_period = atoi(stoks[1]);
             }
-            else            {
+            else   
+            {
                 LogMessage("WARNING %s(%d) => Bad sp_period in config file, "
                            "defaulting to %d seconds\n", file_name, file_line, 
                            SELF_PRES_PERIOD);
@@ -1341,7 +1385,15 @@
         }
         else if(!strcasecmp(stoks[0], "suspend_threshold"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                LogMessage("WARNING %s(%d) => Missing suspend_threshold in config "
+                        "file, defaulting to %d new sessions/second\n", 
+                        file_name, file_line, SUSPEND_THRESHOLD);
+
+                s4data.suspend_threshold = SUSPEND_THRESHOLD;
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.suspend_threshold = atoi(stoks[1]);
             }
@@ -1356,7 +1408,15 @@
         }
         else if(!strcasecmp(stoks[0], "suspend_period"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                LogMessage("WARNING %s(%d) => Missing suspend_period in config file, "
+                           "defaulting to %d seconds\n", file_name, file_line, 
+                           SUSPEND_PERIOD);
+
+                s4data.suspend_period = SUSPEND_PERIOD;
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.suspend_period = atoi(stoks[1]);
             }
@@ -1390,7 +1450,12 @@
         }
         else if(!strcasecmp(stoks[0], "server_inspect_limit"))
         {
-            if(isdigit((int)stoks[1][0]))
+            if(!stoks[1]) 
+            {
+                FatalError("WARNING %s(%d) => Missing server_inspect_limit in "
+                           "config file\n", file_name, file_line);
+            }
+            else if(isdigit((int)stoks[1][0]))
             {
                 s4data.server_inspect_limit = atoi(stoks[1]);
             }
@@ -1411,7 +1476,6 @@
         }
 
         mSplitFree(&stoks, s_toks);
-
         i++;
     }
 
diff -Naur snort-2.7.0-old/src/preprocessors/Stream5/snort_stream5_tcp.c snort-2.7.0/src/preprocessors/Stream5/snort_stream5_tcp.c
--- snort-2.7.0-old/src/preprocessors/Stream5/snort_stream5_tcp.c 2007-07-06 09:32:07.000000000 -0600
+++ snort-2.7.0/src/preprocessors/Stream5/snort_stream5_tcp.c 2007-07-23 23:50:28.000000000 -0600
@@ -972,6 +972,11 @@
             }
             else if(!strcasecmp(stoks[0], "policy"))
             {
+                if (!stoks[1] || (endPtr == &stoks[1][0]))
+                {
+                    FatalError("%s(%d) => Invalid Policy in config file. A Policy ID is required\n", file_name, file_line);
+                }
+
                 s5TcpPolicy->policy = StreamPolicyIdFromName(stoks[1]);
 
                 if ((s5TcpPolicy->policy == STREAM_POLICY_DEFAULT) &&
@@ -1025,6 +1030,11 @@
             }
             else if(!strcasecmp(stoks[0], "bind_to"))
             {
+                if (!stoks[1] || (endPtr == &stoks[1][0]))
+                {
+                    FatalError("%s(%d) => Invalid Bind To address space in config file. IP address or network required\n", file_name, file_line);
+                }
+
                 s5TcpPolicy->bound_addrs = IpAddrSetParse(stoks[1]);
                 if (s_toks > 2)
                 {


 

 

//Joel 

 
StillSecure
Joel Ebrahimi
Senior Software Engineer

C 805.570.8311

http://www.stillsecure.com/ <https://webmail.latis.com/exchweb/bin/redir.asp?URL=http://www.stillsecure.com/> 
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer. 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20070724/bfe96fe6/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort-2.7.0.diff
Type: application/octet-stream
Size: 8581 bytes
Desc: snort-2.7.0.diff
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20070724/bfe96fe6/attachment.obj>


More information about the Snort-devel mailing list