Re: Snort3: bug with "-z" when it only in config

["Tom Peters \(thopeter\) via Snort-devel" <snort-devel () lists snort org>]

Hi,

Really good find. Thanks for reporting this.

We will investigate and fix the problem.

Tom


From: Snort-devel <snort-devel-bounces () lists snort org<mailto:snort-devel-bounces () lists snort org>> on behalf of 
Meridoff via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>>
Reply-To: Meridoff <oagvozd () gmail com<mailto:oagvozd () gmail com>>
Date: Tuesday, November 20, 2018 at 11:03 AM
To: "snort-devel () lists snort org<mailto:snort-devel () lists snort org>" <snort-devel () lists snort 
org<mailto:snort-devel () lists snort org>>
Subject: [Snort-devel] Snort3: bug with "-z" when it only in config

Hello, when option -z (total instances) is given only in config (snort["-z"]=true),
then it equals to 1 (default ?) for some of inspectors/plugins/modules, because they inited between parse_cmd_line and 
parse_config (where -z lies).

Due to this bug/feature for many instances we have access to uninted array  p->pp_class.init[slot] in function 
InspectorManager::thread_init (), when slot > 1 but this array for some inspectors (appid ,telnet ,etc) has length 1 
(see PHClass costructor).

So we must duplicate "-z" in command line or do not use snort["-z"]=true at all.

_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!