Snort mailing list archives

Fwd: Snort3: bug with "-z" when it only in config


From: Meridoff via Snort-devel <snort-devel () lists snort org>
Date: Tue, 20 Nov 2018 19:06:57 +0300

Not only accessing an uninitialized, but even an unallocated array, created in
the PHClass constructor.

---------- Forwarded message ---------
From: Meridoff <oagvozd () gmail com>
Date: Tue, 20 Nov 2018 at 19:03
Subject: Snort3: bug with "-z" when it only in config
To: <snort-devel () lists snort org>


Hello, when the option -z (total instances) is given only in the config
(snort["-z"]=true),
it equals 1 (default?) for some of the inspectors/plugins/modules,
because they are initialized between parse_cmd_line and parse_config (where -z lies).

Due to this bug/feature, with many instances we access the uninitialized array
p->pp_class.init[slot] in the function InspectorManager::thread_init() when
slot > 1, but this array has length 1 for some inspectors (appid, telnet, etc.)
(see the PHClass constructor).

So we must duplicate "-z" on the command line or not use snort["-z"]=true at
all.
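
The ordering problem reported above, as an added example that is not part of the original message and is not Snort's code: a simplified model in which a per-thread flag array is sized when the object is constructed, before the config raises the instance count. `ClassRecord`, `g_max_instances`, `finalize`, `mark_thread_init` and `run` are hypothetical names, and the resize plus bounds check is one possible hardening, assumed here for illustration.

```cpp
#include <vector>

// Hypothetical stand-in for the global instance count that "-z" sets.
static unsigned g_max_instances = 1;

// Simplified model of a per-inspector class record; not Snort's PHClass.
struct ClassRecord {
    std::vector<bool> init;  // one "thread initialised" flag per packet thread

    // Sized from whatever the instance count is at construction time.
    ClassRecord() : init(g_max_instances, false) {}

    // Re-size once the final instance count is known (after config parsing).
    void finalize() { init.assign(g_max_instances, false); }

    // Bounds-checked replacement for a raw init[slot] access.
    bool mark_thread_init(unsigned slot) {
        if (slot >= init.size())
            return false;  // a raw array would be accessed out of bounds here
        init[slot] = true;
        return true;
    }
};

// Reproduces the reported ordering: the record is created first, then the
// config raises the instance count to z. Returns how many of the z thread
// slots could be initialised without leaving the array.
unsigned run(unsigned z, bool resize_after_config) {
    g_max_instances = 1;   // default before any "-z" has been seen
    ClassRecord rec;       // created before config parsing, so length 1
    g_max_instances = z;   // config parsing applies the "-z" value
    if (resize_after_config)
        rec.finalize();    // hardening: re-size after the count is final
    unsigned ok = 0;
    for (unsigned slot = 0; slot < z; ++slot)
        ok += rec.mark_thread_init(slot) ? 1u : 0u;
    return ok;
}

int main() {
    // Without the resize only slot 0 fits; with it all four slots fit.
    return (run(4, false) == 1 && run(4, true) == 4) ? 0 : 1;
}
```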