[Snort-devel] Snort3: bug with "-z" when it only in config

Meridoff oagvozd at gmail.com
Wed Nov 21 04:20:55 EST 2018


Glad to help!

вт, 20 нояб. 2018 г. в 19:53, Tom Peters (thopeter) <thopeter at cisco.com>:

> Hi,
>
> Really good find. Thanks for reporting this.
>
> We will investigate and fix the problem.
>
> Tom
>
>
> From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of
> Meridoff via Snort-devel <snort-devel at lists.snort.org>
> Reply-To: Meridoff <oagvozd at gmail.com>
> Date: Tuesday, November 20, 2018 at 11:03 AM
> To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
> Subject: [Snort-devel] Snort3: bug with "-z" when it only in config
>
> Hello, when option -z (total instances) is given only in config
> (snort["-z"]=true),
> then it equals to 1 (default ?) for some of inspectors/plugins/modules,
> because they inited between parse_cmd_line and parse_config (where -z lies).
>
> Due to this bug/feature for many instances we have access to uninted array
>  p->pp_class.init[slot] in function InspectorManager::thread_init (), when
> slot > 1 but this array for some inspectors (appid ,telnet ,etc) has length
> 1 (see PHClass costructor).
>
> So we must duplicate "-z" in command line or do not use snort["-z"]=true
> at all.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20181121/f86a3b9f/attachment.html>


More information about the Snort-devel mailing list