
Minor bug - snort 2.4.4 crashes on early signals: msg#00016

security.ids.snort.devel

Subject: Minor bug - snort 2.4.4 crashes on early signals

Hi everyone,

playing around with snort 2.4.4 on Linux I recognized a segfault after an
early Ctrl+C when running in foreground.

Digging a bit deeper I found that the signal handlers in snort.c simply call
CleanExit() which in most cases calls DropStats() from util.c to print packet
statistics.

DropStats() uses pcap_stats from libpcap to get its values. The libpcap
functions do not seem to check for NULL pointers as arguments like in the
following example (from pcap.c, libpcap-0.9.4):

int pcap_stats(pcap_t *p, struct pcap_stat *ps) {
    return p->stats_op(p, ps);
}

This obviously leads to a NULL pointer reference and thus a crash in early
states when the pcap handle is still uninitialized. After my fancy, checks to
prevent this should be made at least within the libpcap functions, and a
library routine should not rely on a programmer using it to check for proper
parameter values. However, you might want to work around it as well.

Hope my testing is right. Thanks for your work.

Best regards,
Tillmann
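
The crash path described in this message, modelled as an added example (not code from Snort, libpcap or the original post): a cleanup routine that asks for capture statistics before the handle exists, with the NULL check the message asks for. The names model_pcap_t, model_stat, guarded_stats and drop_stats_model are hypothetical stand-ins so the block compiles without libpcap.

```c
/* Added illustration; stand-in types, not libpcap's or Snort's definitions. */
#include <stddef.h>
#include <stdio.h>

struct model_stat { unsigned int ps_recv; unsigned int ps_drop; };

/* Handle that dispatches through a function pointer, like p->stats_op. */
typedef struct model_pcap {
    int (*stats_op)(struct model_pcap *, struct model_stat *);
    unsigned int recv, drop;
} model_pcap_t;

static int live_stats(model_pcap_t *p, struct model_stat *ps)
{
    ps->ps_recv = p->recv;
    ps->ps_drop = p->drop;
    return 0;
}

/* Guarded wrapper: reject a missing handle, output buffer or unset op
 * instead of dereferencing it. Returns 0 on success, -1 otherwise. */
int guarded_stats(model_pcap_t *p, struct model_stat *ps)
{
    if (p == NULL || ps == NULL || p->stats_op == NULL)
        return -1;
    return p->stats_op(p, ps);
}

/* Global handle, NULL until capture setup completes (the "early" state). */
static model_pcap_t *g_handle = NULL;

/* Cleanup-path statistics printer (hypothetical analogue of DropStats()).
 * Returns 1 if statistics were printed, 0 if they were skipped. */
int drop_stats_model(void)
{
    struct model_stat ps;
    if (guarded_stats(g_handle, &ps) != 0) {
        fprintf(stderr, "capture not initialized, skipping statistics\n");
        return 0;
    }
    printf("received=%u dropped=%u\n", ps.ps_recv, ps.ps_drop);
    return 1;
}

int main(void)
{
    static model_pcap_t h = { live_stats, 120, 3 };  /* constructed sample */
    drop_stats_model();   /* exit requested before setup: skipped, no crash */
    g_handle = &h;
    drop_stats_model();   /* after setup: counters are printed */
    return 0;
}
```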

