Snort mailing list archives
Re: Integer overflow in perfmonitor preprocessor
From: Mike Cox <mike.cox52 () gmail com>
Date: Tue, 11 Aug 2015 09:19:49 -0400
Also related to the perfmonitor -- the manual says, for 'max_file_size', "The minimum is 4096 bytes and the maximum is 2147483648 bytes" but there is an off-by-one error because that maximum is not accepted by Snort: Perfmonitor: Invalid argument to "max_file_size". The value must be an integer between 4096 and 2147483647. -Mike Cox On Wed, Aug 5, 2015 at 12:07 PM, Hui cao <huica () cisco com> wrote:
Hi Mike,
Thanks for reporting this issue. We will fix this issue the future release.
Best,
Hui.
On 08/05/2015 11:48 AM, Mike Cox wrote:
Just an output bug. Snort 2.9.7.5 is affected and probably previous
versions. In src/preprocessors/spp_perfmonitor.c there is this code:
ParseError("Perfmonitor: Invalid argument to \"%s\". The
"
"value must be an integer between 0 and %d.",
PERFMON_ARG__PKT_COUNT, UINT32_MAX)
But the printf '%d' is signed and UINT32_MAX is unsigned so you get output
like this:
Perfmonitor: Invalid argument to "pktcnt". The value must be an integer
between 0 and -1.
Change '%d' to '%u' to fix. Then you get proper output like:
Perfmonitor: Invalid argument to "pktcnt". The value must be an integer
between 0 and 4294967295.
-Mike Cox
------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing listSnort-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Integer overflow in perfmonitor preprocessor Mike Cox (Aug 05)
- Re: Integer overflow in perfmonitor preprocessor Hui cao (Aug 05)
- Re: Integer overflow in perfmonitor preprocessor Mike Cox (Aug 11)
- Re: Integer overflow in perfmonitor preprocessor Hui cao (Aug 05)