Snort mailing list archives
Re: Segfault using react
From: CleBeer <clebeer () gmail com>
Date: Wed, 4 Jan 2012 18:51:32 -0200
OK Steve Thanks On Wed, Jan 4, 2012 at 6:36 PM, Steven Sturges <ssturges () sourcefire com>wrote:
This looks to be a parse-time error and cannot be triggered remotely by traffic. I've bugged it to generate a configuration error and update the documentation with the limitations of a single % within the configured react page, so we'll get that fixed in a future release. Cheers. -steve On 1/3/12 3:37 PM, CleBeer wrote:Sorry Steve This is not a good answer for a segfault... Why I cant find this in snort manual? why snort crashes instead send a "exit 1" ? cheers On Tue, Jan 3, 2012 at 6:09 PM, Steven Sturges <ssturges () sourcefire com <mailto:ssturges@sourcefire.**com <ssturges () sourcefire com>>> wrote: Currently, only one %s is allowed. Cheers -steve On 1/3/12 2:40 PM, snort user wrote: Hi Cleber, Could you try on snort 2.9.1.2? Thanks On Tue, Jan 3, 2012 at 2:14 PM, CleBeer<clebeer () gmail com <mailto:clebeer () gmail com>> wrote: Hello guys, I'm facing a strange segfault in snort with react. If I set the tag "%s" to show rule message on the html file more than 1 time the snort crashes with Segmentation Fault. Here a sample of the html working fine: ---- <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"\r\n" \\"http://www.w3.org/TR/__**xhtml11/DTD/xhtml11.dtd\<http://www.w3.org/TR/__xhtml11/DTD/xhtml11.dtd%5C> <http://www.w3.org/TR/xhtml11/**DTD/xhtml11.dtd%5C<http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd%5C>"><html xmlns=\"http://www.w3.org/__**1999/xhtml\<http://www.w3.org/__1999/xhtml%5C> <http://www.w3.org/1999/xhtml%**5C<http://www.w3.org/1999/xhtml%5C>>" xml:lang=\"en\"> <head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"> <title>Access Denied</title> </head> <body bgcolor='white'> <font color="FF3300" face="arial"> <h1><p align="center">ACCESS DENIED</h1></p> <p align="center"><img src="http://www.xxx.net/logo._**_gif<http://www.xxx.net/logo.__gif> <http://www.xxx.net/logo.gif>" alt="Logo"></p> <h3><p align="center">Cantact your security team<a href="mailto:security () xxx net <mailto:security () xxx net>?__**Subject=Acces%20Denied:%s">sec** __urity () xxx net <sec__urity () xxx net> <mailto:security () xxx net></a><**/p></h3> </body> </html> --- if I add the line Rule: %s snort crashes Here the html crashing snort: ----- <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"\r\n" \\"http://www.w3.org/TR/__**xhtml11/DTD/xhtml11.dtd\<http://www.w3.org/TR/__xhtml11/DTD/xhtml11.dtd%5C> <http://www.w3.org/TR/xhtml11/**DTD/xhtml11.dtd%5C<http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd%5C>"><html xmlns=\"http://www.w3.org/__**1999/xhtml\<http://www.w3.org/__1999/xhtml%5C> <http://www.w3.org/1999/xhtml%**5C<http://www.w3.org/1999/xhtml%5C>>" xml:lang=\"en\"> <head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\"> <title>Access Denied</title> </head> <body bgcolor='white'> <font color="FF3300" face="arial"> <h1><p align="center">ACCESS DENIED</h1></p> <p align="center"><img src="http://www.xxx.net/logo._**_gif<http://www.xxx.net/logo.__gif> <http://www.xxx.net/logo.gif>" alt="Logo"></p> <h3><p align="center">Cantact your security team<a href="mailto:security () xxx net <mailto:security () xxx net>?__**Subject=Acces%20Denied:%s %s">security () xxx net <mailto:security () xxx net></a><** /p></__h3> <p>Rule:%s</p> </body> </html> ---- Some one here facing the same problem? My snort version is: # snort -V ,,_ -*> Snort!<*- o" )~ Version 2.9.2 IPv6 GRE (Build 75) '''' By Martin Roesch& The Snort Team: http://www.snort.org/snort/__**snort-team<http://www.snort.org/snort/__snort-team> <http://www.snort.org/snort/**snort-team<http://www.snort.org/snort/snort-team>Copyright (C) 1998-2011 Sourcefire, Inc., et al. Using libpcap version 1.1.1 Using PCRE version: 8.12 2011-01-15 Using ZLIB version: 1.2.3.4 cheers -- ----------------------------- Cleber S. Brandão Mob. +55 11 9333-9429 <tel:%2B55%2011%209333-9429> clebeerpub.blogspot.com <http://clebeerpub.blogspot.**com<http://clebeerpub.blogspot.com>www.snort.org.br <http://www.snort.org.br> ,, _ o" )~ '' '' http://www.linkedin.com/in/__**clebeer<http://www.linkedin.com/in/__clebeer> <http://www.linkedin.com/in/**clebeer<http://www.linkedin.com/in/clebeer>------------------------------**__----- ------------------------------**__---------------------------- **--__------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join <http://appdeveloper.intel.** com/join <http://appdeveloper.intel.com/join>> http://p.sf.net/sfu/intel-__**appdev<http://p.sf.net/sfu/intel-__appdev> <http://p.sf.net/sfu/intel-**appdev<http://p.sf.net/sfu/intel-appdev>______________________________**___________________ Snort-devel mailing list Snort-devel@lists.sourceforge.**__net <mailto:Snort-devel@lists.**sourceforge.net<Snort-devel () lists sourceforge net>https://lists.sourceforge.net/**__lists/listinfo/snort-devel<https://lists.sourceforge.net/__lists/listinfo/snort-devel> <https://lists.sourceforge.**net/lists/listinfo/snort-devel<https://lists.sourceforge.net/lists/listinfo/snort-devel> **> Please visit http://blog.snort.org for the latest news about Snort! ------------------------------**__----------------------------** --__------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join <http://appdeveloper.intel.**com/join<http://appdeveloper.intel.com/join>http://p.sf.net/sfu/intel-__**appdev<http://p.sf.net/sfu/intel-__appdev> <http://p.sf.net/sfu/intel-**appdev<http://p.sf.net/sfu/intel-appdev>______________________________**___________________ Snort-devel mailing list Snort-devel@lists.sourceforge.**__net <mailto:Snort-devel@lists.**sourceforge.net<Snort-devel () lists sourceforge net>https://lists.sourceforge.net/**__lists/listinfo/snort-devel<https://lists.sourceforge.net/__lists/listinfo/snort-devel> <https://lists.sourceforge.**net/lists/listinfo/snort-devel<https://lists.sourceforge.net/lists/listinfo/snort-devel> **> Please visit http://blog.snort.org for the latest news about Snort! -- ----------------------------- Cleber S. Brandão Mob. +55 11 9333-9429 clebeerpub.blogspot.com <http://clebeerpub.blogspot.**com<http://clebeerpub.blogspot.com>www.snort.org.br <http://www.snort.org.br> ,, _ o" )~ '' '' http://www.linkedin.com/in/**clebeer <http://www.linkedin.com/in/clebeer> ------------------------------**-----
-- ----------------------------- Cleber S. Brandão Mob. +55 11 9333-9429 clebeerpub.blogspot.com www.snort.org.br ,, _ o" )~ '' '' http://www.linkedin.com/in/clebeer -----------------------------------
------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Segfault using react CleBeer (Jan 03)
- Re: Segfault using react snort user (Jan 03)
- Re: Segfault using react Steven Sturges (Jan 03)
- Re: Segfault using react CleBeer (Jan 03)
- Re: Segfault using react Steven Sturges (Jan 03)
- Re: Segfault using react Steven Sturges (Jan 04)
- Re: Segfault using react CleBeer (Jan 04)
- Re: Segfault using react Steven Sturges (Jan 03)
- Re: Segfault using react snort user (Jan 03)