[Snort-devel] Fwd: Snort3: bug with "-z" when it only in config

Meridoff oagvozd at gmail.com
Tue Nov 20 11:06:57 EST 2018


not only accessing to  uninited but even unallocated array ,created in
PHClass constructor

---------- Forwarded message ---------
From: Meridoff <oagvozd at gmail.com>
Date: вт, 20 нояб. 2018 г. в 19:03
Subject: Snort3: bug with "-z" when it only in config
To: <snort-devel at lists.snort.org>


Hello, when option -z (total instances) is given only in config
(snort["-z"]=true),
then it equals to 1 (default ?) for some of inspectors/plugins/modules,
because they inited between parse_cmd_line and parse_config (where -z lies).

Due to this bug/feature for many instances we have access to uninted array
 p->pp_class.init[slot] in function InspectorManager::thread_init (), when
slot > 1 but this array for some inspectors (appid ,telnet ,etc) has length
1 (see PHClass costructor).

So we must duplicate "-z" in command line or do not use snort["-z"]=true at
all.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20181120/48fcaec3/attachment.html>


More information about the Snort-devel mailing list