Snort mailing list archives
Re: Integer overflow in perfmonitor preprocessor
From: Mike Cox <mike.cox52 () gmail com>
Date: Tue, 11 Aug 2015 09:19:49 -0400
Also related to the perfmonitor -- the manual says, for 'max_file_size', "The minimum is 4096 bytes and the maximum is 2147483648 bytes" but there is an off-by-one error because that maximum is not accepted by Snort:

    Perfmonitor: Invalid argument to "max_file_size". The value must be an integer between 4096 and 2147483647.

-Mike Cox

On Wed, Aug 5, 2015 at 12:07 PM, Hui cao <huica () cisco com> wrote:
> Hi Mike,
>
> Thanks for reporting this issue. We will fix this issue in the future release.
>
> Best,
> Hui.
>
> On 08/05/2015 11:48 AM, Mike Cox wrote:
>> Just an output bug. Snort 2.9.7.5 is affected and probably previous versions.
>>
>> In src/preprocessors/spp_perfmonitor.c there is this code:
>>
>>     ParseError("Perfmonitor: Invalid argument to \"%s\". The "
>>                "value must be an integer between 0 and %d.",
>>                PERFMON_ARG__PKT_COUNT, UINT32_MAX)
>>
>> But the printf '%d' is signed and UINT32_MAX is unsigned so you get output like this:
>>
>>     Perfmonitor: Invalid argument to "pktcnt". The value must be an integer between 0 and -1.
>>
>> Change '%d' to '%u' to fix. Then you get proper output like:
>>
>>     Perfmonitor: Invalid argument to "pktcnt". The value must be an integer between 0 and 4294967295.
>>
>> -Mike Cox

------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
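The two problems reported in this thread, as an added example that is not part of the original messages and is not Snort's code: a range message built with a specifier that matches the unsigned argument, and a bounds check run against both the documented and the reported upper limit for max_file_size. The helper names and macro names are hypothetical; the limits are the ones quoted above.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Limits quoted in the thread for max_file_size. */
#define MAX_FILE_SIZE_MIN     4096u
#define MAX_FILE_SIZE_DOC_MAX 2147483648u /* maximum stated in the manual */
#define MAX_FILE_SIZE_MSG_MAX 2147483647u /* maximum stated in the error message */

/* Hypothetical helper: parse a decimal option value and range-check it.
 * Returns 0 on success, -1 on malformed or out-of-range input. */
int parse_bounded_u32(const char *s, uint32_t min, uint32_t max, uint32_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || *s < '0' || *s > '9') /* rejects "", "-1", "+5", " 7" */
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v < min || v > max)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Range message with specifiers that match the uint32_t arguments. */
int format_range_error(char *buf, size_t n, const char *opt,
                       uint32_t min, uint32_t max)
{
    return snprintf(buf, n, "Perfmonitor: Invalid argument to \"%s\". The value "
                    "must be an integer between %" PRIu32 " and %" PRIu32 ".",
                    opt, min, max);
}

/* The same bit pattern read as signed, as on two's-complement targets. */
int format_as_signed(char *buf, size_t n, uint32_t v)
{
    return snprintf(buf, n, "%" PRId32, (int32_t)v);
}

int main(void)
{
    char msg[160];
    format_range_error(msg, sizeof msg, "pktcnt", 0, UINT32_MAX);
    puts(msg);
    return 0;
}
```

Building with format warnings enabled (for example `-Wformat` in GCC or Clang) flags a signed specifier paired with an unsigned argument at compile time.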
Current thread:
- Integer overflow in perfmonitor preprocessor Mike Cox (Aug 05)
- Re: Integer overflow in perfmonitor preprocessor Hui cao (Aug 05)
- Re: Integer overflow in perfmonitor preprocessor Mike Cox (Aug 11)
- Re: Integer overflow in perfmonitor preprocessor Hui cao (Aug 05)