[Snort-users] PATCH: segfault caused by double free in spo_database.c

Roman Danyliw roman at ...438...
Wed Jan 16 07:21:07 EST 2002


Quite right.  The trivial patch is enclosed.

+ fix double free() if new signature could not be INSERTed into the db

cheers,
Roman

On Tue, 15 Jan 2002, Kervin Pierre wrote:

>
> Hi,
>
> I'm not a snort programmer, but it seems you have a double free in
> spo_database.c (snort 1.8.3).
>
> In the listing below, if sig_id is 0, select0 is going to be freed
> twice, line 748 and line 751.
>
> This has crashed snort a few times on my box.
>
>
> -Kervin
>
>
> #1  0x0805fd32 in Database (p=0xbfffef70, msg=0x85735c8 "MISC Large UDP
> Packet", arg=0x81b8868, event=0x8573394) at spo_database.c:751
> 751              free(select0);
> (gdb) l
> 746              if(sig_id == 0)
> 747              {
> 748                free(select0);
> 749                ErrorMessage("database: Problem inserting a new
> signature '%s'\n", msg);
> 750              }
> 751              free(select0);
> 752
> 753              /* add the external rule references  */
> 754              if(otn_tmp)
> 755              {
>
>

-------------- next part --------------
--- spo_database.c.old3	Wed Jan 16 10:12:21 2002
+++ spo_database.c	Wed Jan 16 10:12:49 2002
@@ -745,7 +745,6 @@
          sig_id = Select(select0,data);
          if(sig_id == 0)
          {
-           free(select0);
            ErrorMessage("database: Problem inserting a new signature '%s'\n", msg);
          }
          free(select0);
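
Review bot: in the sig_id == 0 branch the code now only calls ErrorMessage() and falls through to the shared free(select0), which removes the double free, but nothing stops execution from continuing with sig_id still 0. The gdb listing in the report shows the "add the external rule references" section following directly after the free, so consider returning or skipping that section when the Select() fails, so later code does not run with a signature id of 0. Setting select0 = NULL right after the remaining free(select0) would also turn any accidental repeat free of this pointer into a no-op.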

