Snort-Bug in Samba-Logging

["Thorsten Sauter" <tsauter () gmx net>]

Hello List,

I have found an little bug in sort-1.8p1. I don't know, if this problem
is fixed in the lastest cvs code, but I can't find any problem
discribtion similar to this.

I've running OpenBSD 2.9-current with Samba 2.0.8 (if, this is the
Problem?).

If I start snort with the following parameters:
    # snort -M /etc/snort/smb.hosts -c /etc/snort/snort.conf

Snort is comming up and check some things, and terminate with an SIGSERV
coredump. After some debugging, I've found, that this is a problem with
smb-alerts. If snort is started without the -M switch everthing works
fine.

The problem is the otn_tmp pointer with is NULL in the funcions SmbAlert
(log.c). Currently I can't say, if this is only an openbsd problem, or
the same will happend on a linux or windows system.

If anybody need more info about my BSD-System, the core-File, or so,
please let me know.


Any hints appreciated.

Thorsten


p.s. This is my little workaround:

diff -Naur snort/log.c mysnort/log.c
--- snort/log.c Tue Jul 10 04:47:17 2001
+++ mysnort/log.c       Sat Aug 11 03:38:31 2001
@@ -1040,9 +1040,10 @@
     char sip[16];
     char dip[16];
     char pri_data[STD_BUF];
-    PriorityData *ds_ptr;
+    PriorityData *ds_ptr = NULL;

-    ds_ptr = (PriorityData *) otn_tmp->ds_list[PLUGIN_PRIORITY_NUMBER];
+    if(otn_tmp != NULL)
+    if(otn_tmp != NULL)

     if(ds_ptr != NULL)
     {


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users