Snort mailing list archives
Re: does alertAdd() free pointer after logging?
From: "Ed Borgoyn (eborgoyn)" <eborgoyn () cisco com>
Date: Tue, 3 Mar 2015 17:50:12 +0000
Hi kawsar,
I looked at the implementation of the alertAdd() API and for performance, it directly uses the pointer passed as the
msg argument when it internally queues the alert. So you can’t free() the string after the call. In fact the string
should be static since the alertAdd() only queues the message for later processing.
I hope this helps.
Ed Borgoyn
Cisco Snort Development Team
From: Mohiuddin Ebna Kawsar <mohiuddin.kawsar () gmail com<mailto:mohiuddin.kawsar () gmail com>>
Date: Monday, March 2, 2015 at 11:45 AM
To: "snort-devel () lists sourceforge net<mailto:snort-devel () lists sourceforge net>" <snort-devel () lists
sourceforge net<mailto:snort-devel () lists sourceforge net>>
Cc: "matthias.wuebbeling () cs uni-bonn de<mailto:matthias.wuebbeling () cs uni-bonn de>" <matthias.wuebbeling () cs
uni-bonn de<mailto:matthias.wuebbeling () cs uni-bonn de>>
Subject: [Snort-devel] does alertAdd() free pointer after logging?
Hi,
I was logging msg from my dynamic_preprocessor by
##########################################################
int a ,b;
a = getSize();
b= getSize();
static char* msg = 0;
msg = calloc(strlen(TEST_EVENT_DETECT_STR) + (2 * 10) + 1, sizeof(char*));
snprintf(msg,strlen(TEST_EVENT_DETECT_STR) + (2 * 10), TEST_EVENT_DETECT_STR, a, b);
_dpd.alertAdd(GENERATOR_SPP_TEST, TEST_EVENT_DETECT, TEST_EVENT_DETECT_REV, 0, 1, msg, 0 );
##############################################################
my question is should i free msg, or _dpd.alertAdd() have own implementation to free it?
because while i free msg i don't see any msg in my log file.
Regards
kawsar
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- does alertAdd() free pointer after logging? Mohiuddin Ebna Kawsar (Mar 02)
- Re: does alertAdd() free pointer after logging? Ed Borgoyn (eborgoyn) (Mar 03)
- Re: does alertAdd() free pointer after logging? Matthias Wübbeling (Mar 03)
- Re: does alertAdd() free pointer after logging? Steve Sturges (ststurge) (Mar 03)
- Re: does alertAdd() free pointer after logging? Matthias Wübbeling (Mar 03)
- Re: does alertAdd() free pointer after logging? Ed Borgoyn (eborgoyn) (Mar 03)