Snort mailing list archives
Integer overflow in perfmonitor preprocessor
From: Mike Cox <mike.cox52 () gmail com>
Date: Wed, 5 Aug 2015 11:48:28 -0400
Just an output bug. Snort 2.9.7.5 is affected and probably previous
versions. In src/preprocessors/spp_perfmonitor.c there is this code:
ParseError("Perfmonitor: Invalid argument to \"%s\". The "
"value must be an integer between 0 and %d.",
PERFMON_ARG__PKT_COUNT, UINT32_MAX)
But the printf '%d' is signed and UINT32_MAX is unsigned so you get output
like this:
Perfmonitor: Invalid argument to "pktcnt". The value must be an integer
between 0 and -1.
Change '%d' to '%u' to fix. Then you get proper output like:
Perfmonitor: Invalid argument to "pktcnt". The value must be an integer
between 0 and 4294967295.
-Mike Cox
------------------------------------------------------------------------------
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Integer overflow in perfmonitor preprocessor Mike Cox (Aug 05)
- Re: Integer overflow in perfmonitor preprocessor Hui cao (Aug 05)
- Re: Integer overflow in perfmonitor preprocessor Mike Cox (Aug 11)
- Re: Integer overflow in perfmonitor preprocessor Hui cao (Aug 05)