Re: PATCH: segfault caused by double free in spo_database.c

[Roman Danyliw <roman () danyliw com>]

Quite right.  The trivial patch is enclosed.

+ fix double free() if new signature could not be INSERTed into the db

cheers,
Roman

On Tue, 15 Jan 2002, Kervin Pierre wrote:

> Hi,
>
> I'm not a snort programmer but, it seems you have a double free in
> spo_datase.c ( snort 1.8.3 )
>
> In the listing below, if sig_id is 0, select0 is going to be free'ed
> twice, line 748 and line 751 .
>
> This has crashed snort a few times on my box.
>
>
> -Kervin
>
>
> #1  0x0805fd32 in Database (p=0xbfffef70, msg=0x85735c8 "MISC Large UDP
> Packet", arg=0x81b8868, event=0x8573394) at spo_database.c:751
> 751              free(select0);
> (gdb) l
> 746              if(sig_id == 0)
> 747              {
> 748                free(select0);
> 749                ErrorMessage("database: Problem inserting a new
> signature '%s'\n", msg);
> 750              }
> 751              free(select0);
> 752
> 753              /* add the external rule references  */
> 754              if(otn_tmp)
> 755              {

Attachment: spo_database.c.patch
Description: