Subject: [snort] Purified snort
From: Erich Meier (Erich.Meier informatik.uni-erlangen.de)
Date: Tue Mar 07 2000 - 10:46:02 CST

Hi!

I took the initiative and built a purified version of snort and ran it. For
those who don't know "purify", it is a tool for finding uninitialized memory
reads/writes, dangling pointer accesses, memory leaks and the like (see
http://www.rational.com/products/purify_unix/index.jtmpl).

It found only one really small glitch in line 342 of sp_pattern_match.c:

void ParsePattern(char *rule, OptTreeNode *otn)
{
    ...
    char hex_buf[9];
    ...
    if(dummy_idx < dummy_end) {
        tmp_buf[dummy_size] = (u_long) strtol(hex_buf, (char **)NULL, 16);
                                                                      ^^
                                          This "16" looks very suspicious
                                          to me. I guess, it should read 8.

After stopping snort, purify notified me that the mSplit() function leaks
memory in lines 126 and 195 of mstring.c. But code inspection tells me that
this is more or less unavoidable and - more important - very static.

Regards,
Erich

--
Erich Meier Erich.Meierinformatik.uni-erlangen.de http://www4.informatik.uni-erlangen.de/~meier/
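
Added example, not part of the original message and not snort's code: one way to hand a 9-byte buffer like the hex_buf above to the strtol family so that every byte the library reads has been written first, which is the class of access Purify checks. The helper name parse_hex_field and the sample input are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HEX_BUF_LEN 9  /* as hex_buf in the quoted snippet: 8 digits + NUL */

/* Hypothetical helper (not snort code): parse len hex digits at src into *out.
 * src need not be NUL-terminated. Returns 0 on success, -1 on bad input. */
int parse_hex_field(const char *src, size_t len, unsigned long *out)
{
    char hex_buf[HEX_BUF_LEN];
    char *end;
    size_t i;

    if (src == NULL || out == NULL || len == 0 || len >= HEX_BUF_LEN)
        return -1;                      /* no room for digits plus NUL */

    for (i = 0; i < len; i++)           /* rejects sign, blanks, "0x", NUL */
        if (!isxdigit((unsigned char)src[i]))
            return -1;

    memset(hex_buf, 0, sizeof hex_buf); /* every byte written before use */
    memcpy(hex_buf, src, len);          /* hex_buf[len] remains '\0' */

    /* Third argument is the radix (16 = hexadecimal), not a length.
     * strtoul rather than strtol so 8 digits fit a 32-bit long. */
    *out = strtoul(hex_buf, &end, 16);
    return (end == hex_buf + len) ? 0 : -1;
}

int main(void)
{
    const char raw[2] = { '4', '1' };   /* constructed, unterminated input */
    unsigned long v = 0;

    if (parse_hex_field(raw, sizeof raw, &v) == 0)
        printf("parsed 0x%lx\n", v);
    return 0;
}
```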