Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort3: bug with "-z" when it only in config

From: Meridoff via Snort-devel <snort-devel () lists snort org>
Date: Wed, 21 Nov 2018 12:20:55 +0300
Glad to help!

вт, 20 нояб. 2018 г. в 19:53, Tom Peters (thopeter) <thopeter () cisco com>:


Hi,

Really good find. Thanks for reporting this.

We will investigate and fix the problem.

Tom


From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of
Meridoff via Snort-devel <snort-devel () lists snort org>
Reply-To: Meridoff <oagvozd () gmail com>
Date: Tuesday, November 20, 2018 at 11:03 AM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: [Snort-devel] Snort3: bug with "-z" when it only in config

Hello, when option -z (total instances) is given only in config
(snort["-z"]=true),
then it equals to 1 (default ?) for some of inspectors/plugins/modules,
because they inited between parse_cmd_line and parse_config (where -z lies).

Due to this bug/feature for many instances we have access to uninted array
 p->pp_class.init[slot] in function InspectorManager::thread_init (), when
slot > 1 but this array for some inspectors (appid ,telnet ,etc) has length
1 (see PHClass costructor).

So we must duplicate "-z" in command line or do not use snort["-z"]=true
at all.


_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: