Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Segfault using react

From: Steven Sturges <ssturges () sourcefire com>
Date: Wed, 04 Jan 2012 15:36:55 -0500
This looks to be a parse-time error and cannot be triggered
remotely by traffic.

I've bugged it to generate a configuration error and
update the documentation with the limitations of a single
% within the configured react page, so we'll get that fixed
in a future release.

Cheers.
-steve

On 1/3/12 3:37 PM, CleBeer wrote:

Sorry Steve

This is not a good answer for a segfault...

Why I cant find this in snort manual?
why snort crashes instead send a "exit 1" ?


cheers

On Tue, Jan 3, 2012 at 6:09 PM, Steven Sturges <ssturges () sourcefire com
<mailto:ssturges () sourcefire com>> wrote:

    Currently, only one %s is allowed.

    Cheers
    -steve


    On 1/3/12 2:40 PM, snort user wrote:

        Hi Cleber,

        Could you try on snort 2.9.1.2?

        Thanks




        On Tue, Jan 3, 2012 at 2:14 PM, CleBeer<clebeer () gmail com
        <mailto:clebeer () gmail com>>  wrote:

            Hello guys,

            I'm facing a strange segfault in snort with react.

            If I set the tag "%s" to show rule message on the html file
            more than 1 time
            the snort crashes with Segmentation Fault.

            Here a sample of the html working fine:

            ----
            <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"\r\n"
            \\"http://www.w3.org/TR/__xhtml11/DTD/xhtml11.dtd\
            <http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd%5C>">
            <html xmlns=\"http://www.w3.org/__1999/xhtml\
            <http://www.w3.org/1999/xhtml%5C>" xml:lang=\"en\">
            <head>
            <meta http-equiv=\"Content-Type\" content=\"text/html;
            charset=UTF-8\">
            <title>Access Denied</title>
            </head>
            <body  bgcolor='white'>
            <font color="FF3300" face="arial">
            <h1><p align="center">ACCESS DENIED</h1></p>
            <p align="center"><img src="http://www.xxx.net/logo.__gif
            <http://www.xxx.net/logo.gif>" alt="Logo"></p>
            <h3><p align="center">Cantact your security team<a
            href="mailto:security () xxx net
            <mailto:security () xxx net>?__Subject=Acces%20Denied:%s">sec__urity () xxx net
            <mailto:security () xxx net></a></p></h3>
            </body>
            </html>
            ---

            if I add the line
            Rule: %s
            snort crashes

            Here the html crashing snort:

            -----
            <!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.1//EN\"\r\n"
            \\"http://www.w3.org/TR/__xhtml11/DTD/xhtml11.dtd\
            <http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd%5C>">
            <html xmlns=\"http://www.w3.org/__1999/xhtml\
            <http://www.w3.org/1999/xhtml%5C>" xml:lang=\"en\">
            <head>
            <meta http-equiv=\"Content-Type\" content=\"text/html;
            charset=UTF-8\">
            <title>Access Denied</title>
            </head>
            <body  bgcolor='white'>
            <font color="FF3300" face="arial">
            <h1><p align="center">ACCESS DENIED</h1></p>
            <p align="center"><img src="http://www.xxx.net/logo.__gif
            <http://www.xxx.net/logo.gif>" alt="Logo"></p>
            <h3><p align="center">Cantact your security team<a
            href="mailto:security () xxx net
            <mailto:security () xxx net>?__Subject=Acces%20Denied:%s
            %s">security () xxx net <mailto:security () xxx net></a></p></__h3>
            <p>Rule:%s</p>
            </body>
            </html>
            ----


            Some one here facing the same problem?


            My snort version is:
            # snort -V

                ,,_     -*>  Snort!<*-
               o"  )~   Version 2.9.2 IPv6 GRE (Build 75)
            ''''    By Martin Roesch&  The Snort Team:

            http://www.snort.org/snort/__snort-team
            <http://www.snort.org/snort/snort-team>
                        Copyright (C) 1998-2011 Sourcefire, Inc., et al.
                        Using libpcap version 1.1.1
                        Using PCRE version: 8.12 2011-01-15
                        Using ZLIB version: 1.2.3.4




            cheers

            --
            -----------------------------
            Cleber S. Brandão
            Mob. +55 11 9333-9429 <tel:%2B55%2011%209333-9429>

            clebeerpub.blogspot.com <http://clebeerpub.blogspot.com>
            www.snort.org.br <http://www.snort.org.br>
               ,, _
              o"    )~
            '' ''
            http://www.linkedin.com/in/__clebeer
            <http://www.linkedin.com/in/clebeer>
            ------------------------------__-----

            ------------------------------__------------------------------__------------------
            Write once. Port to many.
            Get the SDK and tools to simplify cross-platform app
            development. Create
            new or port existing apps to sell to consumers worldwide.
            Explore the
            Intel AppUpSM program developer opportunity.
            appdeveloper.intel.com/join <http://appdeveloper.intel.com/join>
            http://p.sf.net/sfu/intel-__appdev
            <http://p.sf.net/sfu/intel-appdev>
            _________________________________________________
            Snort-devel mailing list
            Snort-devel@lists.sourceforge.__net
            <mailto:Snort-devel () lists sourceforge net>
            https://lists.sourceforge.net/__lists/listinfo/snort-devel
            <https://lists.sourceforge.net/lists/listinfo/snort-devel>

            Please visit http://blog.snort.org for the latest news about
            Snort!


        ------------------------------__------------------------------__------------------
        Write once. Port to many.
        Get the SDK and tools to simplify cross-platform app
        development. Create
        new or port existing apps to sell to consumers worldwide.
        Explore the
        Intel AppUpSM program developer opportunity.
        appdeveloper.intel.com/join <http://appdeveloper.intel.com/join>
        http://p.sf.net/sfu/intel-__appdev
        <http://p.sf.net/sfu/intel-appdev>
        _________________________________________________
        Snort-devel mailing list
        Snort-devel@lists.sourceforge.__net
        <mailto:Snort-devel () lists sourceforge net>
        https://lists.sourceforge.net/__lists/listinfo/snort-devel
        <https://lists.sourceforge.net/lists/listinfo/snort-devel>

        Please visit http://blog.snort.org for the latest news about Snort!




--
-----------------------------
Cleber S. Brandão
Mob. +55 11 9333-9429

clebeerpub.blogspot.com <http://clebeerpub.blogspot.com>
www.snort.org.br <http://www.snort.org.br>
   ,, _
  o"    )~
'' ''
http://www.linkedin.com/in/clebeer
-----------------------------------


------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: