Bug #251

segfault when using some IDMEF criteria

Added by admin admin almost 15 years ago. Updated over 10 years ago.

Status: Closed
Priority: Normal
Target version: -
Start date:
Due date:
% Done: 0%
Resolution: fixed

Description

    # prelude-manager --idmef-criteria -r "alert.target(0).user.category.name"
    Subscribing Normalize to active decoding plugins.
    server started (listening on 127.0.0.1 port 4690).
    server started (listening on 192.168.33.215 port 4690).
    Subscribing db[default] to active reporting plugins.
    Segmentation fault
    # prelude-manager --version
    Subscribing Normalize to active decoding plugins.
    prelude-manager 0.9.9

strace output:
...
write(1, "Subscribing db[default] to activ"..., 53Subscribing db[default] to active reporting plugins.
) = 53
access("alert.target(0).user.category.name", R_OK) = -1 EACCES (Permission denied)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

History

#1 Updated by Sebastien Tricaud almost 15 years ago

  • Status changed from New to Closed
  • Resolution set to fixed

The list of idmef items was parsed and if there was only one item that is not valid, it would be iterated producing the segmentation fault.

Thank you very much for your report, this is now fixed in svn, changeset 9809.

https://trac.prelude-ids.org/changeset/9809

#2 Updated by Yoann VANDOORSELAERE almost 15 years ago

(In r9817) Only class element might not be the last element of a path.

This is an additional fix for ticket #251, which should trigger prior
to the r9809 error handling due to a NULL children list, but with a
more descriptive error message (refs #251).
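
The rule stated in the r9817 commit message above (only a class element may be followed by further path elements), shown as an added example that is not libprelude or prelude-manager code. The toy schema, `struct node`, `path_check` and the `PATH_*` codes are constructed for illustration; the guard returns an error where an unchecked walker would iterate a NULL children list.

```c
#include <stdio.h>
#include <string.h>

/* Toy schema (constructed): a class has a NULL-terminated children array,
 * a leaf (string, enum, ...) has children == NULL. */
struct node { const char *name; const struct node *const *children; };

static const struct node n_ident = { "ident", NULL };
static const struct node n_category = { "category", NULL };
static const struct node *const user_kids[] = { &n_ident, &n_category, NULL };
static const struct node n_user = { "user", user_kids };
static const struct node *const target_kids[] = { &n_user, NULL };
static const struct node n_target = { "target", target_kids };
static const struct node *const alert_kids[] = { &n_target, NULL };
static const struct node n_alert = { "alert", alert_kids };
static const struct node *const root_kids[] = { &n_alert, NULL };
static const struct node n_root = { "", root_kids };

enum { PATH_OK = 0, PATH_UNKNOWN = -1, PATH_NOT_CLASS = -2 };

/* Validate a dotted path; a "(index)" suffix on an element is skipped. */
int path_check(const char *path)
{
    const struct node *cur = &n_root;

    if (*path == '\0') return PATH_UNKNOWN;
    while (*path) {
        size_t len = strcspn(path, ".");    /* whole element, with "(idx)" */
        size_t nlen = strcspn(path, ".(");  /* element name only */
        const struct node *const *c;

        /* Guard: the previous element was a leaf, so there is no children
         * list to search. Report it instead of dereferencing NULL. */
        if (cur->children == NULL) return PATH_NOT_CLASS;
        for (c = cur->children; *c; c++)
            if (strlen((*c)->name) == nlen && !strncmp((*c)->name, path, nlen))
                break;
        if (*c == NULL) return PATH_UNKNOWN;
        cur = *c;
        path += len;
        if (*path == '.' && *++path == '\0') return PATH_UNKNOWN; /* trailing dot */
    }
    return PATH_OK;
}

int main(void)
{
    printf("%d\n", path_check("alert.target(0).user.category.name"));
    return 0;
}
```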

#3 Updated by Yoann VANDOORSELAERE over 13 years ago

  • Project changed from PRELUDE SIEM to Prelude Manager
  • Category deleted (3)
  • Target version deleted (0.9.15)

#4 Updated by Thomas GIRARD over 10 years ago

  • Target version deleted (0.9.15)
