[Snort-devel] Snort 2.8.5.2 bug

Fangtu Qiu qiu at ...3070...
Thu Dec 31 16:34:14 EST 2009


There is following code in function addRtnToOtn:

     //add policyId
     if (otn->proto_nodes[policyId])
     {
         DestroyRuleTreeNode(rtn);
     }

     otn->proto_nodes[policyId] = rtn;


It is reusing already freed "rtn". Instead the code should be:

     //add policyId
     if (otn->proto_nodes[policyId])
     {
         DestroyRuleTreeNode(otn->proto_nodes[policyId]);
     }

     otn->proto_nodes[policyId] = rtn;




More information about the Snort-devel mailing list