Snort mailing list archives
Bug in alert_syslog module?
From: "W. Michael Petullo" <mike () flyn org>
Date: Sun, 31 Jan 2021 09:41:56 -0600
I have found that loading the alert_syslog module crashes snort 3.1.0.0 on OpenWrt. (I am the maintainer of the OpenWrt snort packages). It looks like ModuleManager's get_default_module unconditionally passes NULL to the third argument of mod->verified_end(): Module* ModuleManager::get_default_module(const char* s, SnortConfig* sc) { Module* mod = get_module(s); if ( mod ) { mod->verified_begin(s, 0, sc); mod->verified_end(s, 0, nullptr); } return mod; } However, SyslogModule:end unconditionally dereferences its third argument: bool SyslogModule::end(const char*, int, SnortConfig* sc) { if ( sc->daemon_mode() ) options |= LOG_PID; return true; } This dereference of NULL seems to cause the crash. Has anyone else seen this? -- Mike :wq _______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Bug in alert_syslog module? W. Michael Petullo (Jan 31)
- Re: Bug in alert_syslog module? Michael Altizer (mialtize) via Snort-devel (Feb 01)
- the snort3 how to support the suricata rules ? like this keywords? 15135147016--- via Snort-devel (Feb 02)
- Re: the snort3 how to support the suricata rules ? like this keywords? Joel Esler (jesler) via Snort-devel (Feb 02)
- Re: the snort3 how to support the suricata rules ? like this keywords? Joel Esler (jesler) via Snort-devel (Feb 02)
- the snort3 how to support the suricata rules ? like this keywords? 15135147016--- via Snort-devel (Feb 02)
- Re: Bug in alert_syslog module? Michael Altizer (mialtize) via Snort-devel (Feb 01)