Bug #3490
closed
Segfault when facing malformed SNMP rules
Label: Needs backport
Description
In the current 6.0.0 master, Suricata segfaults during rule parsing when facing invalid SNMP rules, e.g.:
alert snmp any any -> any any (msg:"SNMP test1"; snmp.version; sid:1000003;)
alert snmp any any -> any any (msg:"SNMP test2"; snmp.pdu_type; sid:1000007;)
leads to:
[10855] 20/2/2020 -- 10:53:13 - (suricata.c:1068) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (73bd9e25f 2020-02-19) running in USER mode
[10855] 20/2/2020 -- 10:53:13 - (util-cpu.c:171) <Info> (UtilCpuPrintSummary) -- CPUs/cores online: 8
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- fast output device (regular) initialized: fast.log
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- eve-log output device (regular) initialized: eve.json
[10855] 20/2/2020 -- 10:53:13 - (util-logopenfile.c:474) <Info> (SCConfLogOpenGeneric) -- stats output device (regular) initialized: stats.log
[10855] 20/2/2020 -- 10:53:13 - (util-classification-config.c:365) <Info> (SCClassConfParseFile) -- Added "43" classification types from the classification file
[10855] 20/2/2020 -- 10:53:13 - (util-reference-config.c:340) <Info> (SCRConfParseFile) -- Added "19" reference types from the reference.config file
zsh: segmentation fault (core dumped)
I have a patch available and can provide a PR soon.