[Snort-devel] Segmentation fault while reloading configuration

Josh Rosenbaum (jrosenba) jrosenba at ...3461...
Fri Mar 28 11:30:33 EDT 2014


Hi Hugo,

Thank you for reporting this bug.  We will look into and address this
problem.

Josh


On 3/27/14, 7:06 PM, "Hugo Vasconcelos Saldanha" <hugovs at ...2499...> wrote:

>Hi snort-devel,
>
>
>While testing snort dynamic reconfiguration feature (--enable-reload),
>I'm getting a segfault in function VerifyOutputs(). The code is
>similar in versions 2.9.6.0 and 2.9.7.0.alpha. Problematic line of
>code is (snort.c:6125 in 2.9.6.0):
>
>                if (strcasecmp(old_output_config->opts,
>                                      new_output_config->opts) == 0)
>
>Pointers are not tested before calling strcasecmp(). This only happens
>when verifying old and new rule_type_output_configs arrays. Some lines
>of code before, the options pointer is tested.
>
>The following patch works for me.
>
>--- snort.c.orig    2014-03-27 22:17:37.945505347 +0000
>+++ snort.c    2014-03-27 22:33:29.864583499 +0000
>@@ -6122,8 +6122,15 @@ static int VerifyOutputs(SnortConfig *ol
>             if (strcasecmp(old_output_config->keyword,
>                            new_output_config->keyword) == 0)
>             {
>-                if (strcasecmp(old_output_config->opts,
>-                               new_output_config->opts) == 0)
>+                if ((old_output_config->opts != NULL) &&
>+                        (new_output_config->opts != NULL) &&
>+                        (strcasecmp(old_output_config->opts,
>new_output_config->opts) == 0))
>+                {
>+                    new_outputs++;
>+                    break;
>+                }
>+                else if (old_output_config->opts == NULL &&
>+                        new_output_config->opts == NULL)
>                 {
>                     new_outputs++;
>                     break;
>
>--
>Hugo
>
>--------------------------------------------------------------------------
>----
>_______________________________________________
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/snort-devel
>Archive:
>http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
>Please visit http://blog.snort.org for the latest news about Snort!





More information about the Snort-devel mailing list