Snort mailing list archives
Bug in alert_syslog module?
From: "W. Michael Petullo" <mike () flyn org>
Date: Sun, 31 Jan 2021 09:41:56 -0600
I have found that loading the alert_syslog module crashes snort
3.1.0.0 on OpenWrt. (I am the maintainer of the OpenWrt snort packages).
It looks like ModuleManager's get_default_module unconditionally passes
NULL to the third argument of mod->verified_end():

    Module* ModuleManager::get_default_module(const char* s, SnortConfig* sc)
    {
        Module* mod = get_module(s);
        if ( mod )
        {
            mod->verified_begin(s, 0, sc);
            mod->verified_end(s, 0, nullptr);
        }
        return mod;
    }

However, SyslogModule::end unconditionally dereferences its third argument:

    bool SyslogModule::end(const char*, int, SnortConfig* sc)
    {
        if ( sc->daemon_mode() )
            options |= LOG_PID;
        return true;
    }

This dereference of NULL seems to cause the crash.
Has anyone else seen this?
--
Mike
:wq
_______________________________________________
Snort-devel mailing list
Snort-devel () lists snort org
https://lists.snort.org/mailman/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
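
The call pattern reported above, reduced to a stand-alone sketch with a null-tolerant end(). This is an added example, not code from the post or from the Snort project: the types are simplified stand-ins, load_defaults and the two options_after_* helpers are hypothetical names, begin/end are called directly instead of through verified_begin/verified_end, and the null guard is one possible mitigation assumed here, not the project's actual fix.

```cpp
#include <syslog.h>   // LOG_PID
#include <cstdio>

// Simplified stand-ins for the Snort 3 types named in the report.
struct SnortConfig {
    bool daemon = false;
    bool daemon_mode() const { return daemon; }
};

struct Module {
    virtual ~Module() = default;
    virtual bool begin(const char*, int, SnortConfig*) { return true; }
    virtual bool end(const char*, int, SnortConfig*) { return true; }
};

struct SyslogModule : Module {
    int options = 0;
    bool begin(const char*, int, SnortConfig*) override { options = 0; return true; }
    // Assumed mitigation: treat a null config as "not daemon mode"
    // instead of dereferencing it.
    bool end(const char*, int, SnortConfig* sc) override {
        if (sc && sc->daemon_mode())
            options |= LOG_PID;
        return true;
    }
};

// Mirrors the reported caller: begin() gets the config, end() gets nullptr.
Module* load_defaults(Module* mod, SnortConfig* sc) {
    if (mod) {
        mod->begin("alert_syslog", 0, sc);
        mod->end("alert_syslog", 0, nullptr);
    }
    return mod;
}

// Options left on the module after the default-module path (null config in end()).
int options_after_defaults() {
    SyslogModule m; SnortConfig sc; sc.daemon = true;
    load_defaults(&m, &sc);
    return m.options;
}

// Options after a normal begin()/end() pair that receives a real config.
int options_after_config(bool daemon) {
    SyslogModule m; SnortConfig sc; sc.daemon = daemon;
    m.begin("alert_syslog", 0, &sc);
    m.end("alert_syslog", 0, &sc);
    return m.options;
}

int main() {
    std::printf("defaults=%d daemon=%d\n", options_after_defaults(), options_after_config(true));
    return 0;
}
```

With the guard, the default-module path completes without touching the null pointer, and LOG_PID is still set when end() is later called with a real daemon-mode config.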
