[Snort-devel] possible segfault on snort-2.9.x.x

Lokesh Bevinamarad (lbevinam) lbevinam at cisco.com
Thu Aug 16 10:22:52 EDT 2018

Thanks Nilesh for pointing this out. We will take a look


From: Snort-devel <snort-devel-bounces at lists.snort.org> On Behalf Of Nilesh K. Patel via Snort-devel
Sent: Thursday, August 16, 2018 7:00 PM
To: snort-devel at lists.snort.org
Subject: [SUSPECTED SPAM] [Snort-devel] possible segfault on snort-2.9.x.x

Discover possible segfault in http pre-processor. Please consider below patch to resolve.

--- a/src/preprocessors/HttpInspect/include/hi_eo_log.h
+++ b/src/preprocessors/HttpInspect/include/hi_eo_log.h
@@ -30,7 +30,7 @@
static inline int hi_eo_generate_event(HI_SESSION *Session, int iAlert)
     if(iAlert && !(Session->norm_flags & HI_BODY) &&
-       !Session->server_conf->no_alerts)
+       Session->server_conf && !Session->server_conf->no_alerts)
         return HI_BOOL_TRUE;

Flow from "checkCacheFlowTimeout" function, there is a chance that server_conf is null as Session pointer is pointing to static variable and current processing packet is non http.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20180816/1e087ea6/attachment.html>

More information about the Snort-devel mailing list