[Snort-devel] Integer overflow in perfmonitor preprocessor

Mike Cox mike.cox52 at ...2499...
Wed Aug 5 11:48:28 EDT 2015


Just an output bug.  Snort 2.9.7.5 is affected and probably previous
versions. In src/preprocessors/spp_perfmonitor.c there is this code:

                ParseError("Perfmonitor:  Invalid argument to \"%s\".  The "
                        "value must be an integer between 0 and %d.",
                        PERFMON_ARG__PKT_COUNT, UINT32_MAX)

But the printf '%d' is signed and UINT32_MAX is unsigned so you get output
like this:

Perfmonitor:  Invalid argument to "pktcnt".  The value must be an integer
between 0 and -1.

Change '%d' to '%u' to fix.  Then you get proper output like:

Perfmonitor:  Invalid argument to "pktcnt".  The value must be an integer
between 0 and 4294967295.

-Mike Cox
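
An added example, not part of the original message and not Snort's code: a bounds-checked parse of a "pktcnt"-style value that reports the limit with the conversion matching uint32_t, so the message reads 4294967295 rather than -1. The helper names parse_pktcnt and range_error are hypothetical, and the sample inputs are constructed.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Snort's ParseError): writes the range error. */
static void range_error(char *err, size_t errlen, const char *arg)
{
    /* PRIu32 is the matching conversion for uint32_t; "%d" here would read
     * UINT32_MAX as a signed int and typically print -1. */
    snprintf(err, errlen,
             "Perfmonitor:  Invalid argument to \"%s\".  The value must be "
             "an integer between 0 and %" PRIu32 ".", arg, (uint32_t)UINT32_MAX);
}

/* Parse a decimal count in [0, UINT32_MAX]. Returns 0 on success, -1 on error. */
int parse_pktcnt(const char *s, uint32_t *out, char *err, size_t errlen)
{
    char *end = NULL;
    unsigned long long v;
    /* strtoull accepts a leading '-' and wraps, so require a digit first. */
    if (s == NULL || s[0] < '0' || s[0] > '9') {
        range_error(err, errlen, "pktcnt");
        return -1;
    }
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX) {
        range_error(err, errlen, "pktcnt");
        return -1;
    }
    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "10000", "4294967295", "4294967296", "-1", "12x" };
    char err[160];   /* samples above are constructed inputs */
    uint32_t n;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = parse_pktcnt(samples[i], &n, err, sizeof err);
        printf("%-12s -> %s\n", samples[i], rc == 0 ? "ok" : err);
    }
    return 0;
}
```

Building with -Wformat (part of -Wall in GCC and Clang) flags a '%d' paired with an unsigned argument at compile time.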