[Snort-devel] bug in sfutil/sfrt.c

Joel Esler jesler at ...402...
Fri Mar 15 10:57:27 EDT 2013


On Mar 12, 2013, at 1:46 AM, Mitesh Jadia <mitesh.jadia at ...2499...> wrote:

> version snort-2.9.2
> 
> FUNCTION:
> 
> table_t *sfrt_new(char table_type, char ip_type, long data_size, uint32_t mem_cap)
> 
> at the end of this function (use after free found. SUP_IP6 is enabled)
> 
> #ifdef SUP_IP6
>     if (!table->rt6)
>     {
>         table->free( table->rt );
>         free(table->data);
>         free(table);
>     }
> #endif
> 
>     return table;
> }

Thanks Mitesh,

We have fixed this in Snort version 2.9.5.0 already.  We are planning on releasing a beta for this soon.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20130315/0da45c4e/attachment.html>


More information about the Snort-devel mailing list