New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Where to report bugs #22

Closed
bshastry opened this Issue Apr 20, 2017 · 8 comments

Comments

Projects
None yet
2 participants
@bshastry

Hi,

I have been testing snort3 and have managed to find program crashes in read pcap mode. Where do I report them?

Thanks!
Bhargava

@bshastry

This comment has been minimized.

Show comment
Hide comment
@bshastry

bshastry Apr 20, 2017

Oops, didn't read carefully enough. They need to be sent to bugs@snort.org

Sorry!

Oops, didn't read carefully enough. They need to be sent to bugs@snort.org

Sorry!

@bshastry bshastry closed this Apr 20, 2017

@snortadmin

This comment has been minimized.

Show comment
Hide comment
@snortadmin

snortadmin Apr 20, 2017

Collaborator

Feel free to report on Snort++ issues here. We check both. We will follow up on this one at bugs@. Thanks.

Collaborator

snortadmin commented Apr 20, 2017

Feel free to report on Snort++ issues here. We check both. We will follow up on this one at bugs@. Thanks.

@bshastry

This comment has been minimized.

Show comment
Hide comment
@bshastry

bshastry Apr 21, 2017

Mailed a report to bugs@snort.org. Waiting on your acknowledgement :-)

Mailed a report to bugs@snort.org. Waiting on your acknowledgement :-)

@bshastry

This comment has been minimized.

Show comment
Hide comment
@bshastry

bshastry Apr 28, 2017

Heho, re-opening since I didn't get a response from bugs@snort.org

Heho, re-opening since I didn't get a response from bugs@snort.org

@bshastry bshastry reopened this Apr 28, 2017

@snortadmin

This comment has been minimized.

Show comment
Hide comment
@snortadmin

snortadmin Apr 28, 2017

Collaborator

Oops, my email only went to back to bugs@. I asked this:

"That's an eth:icmp6 packet, which should be illegal, so our fix would be to fail to decode and drop when inline. Did you craft or capture your pcap?"

We have a fix that will be out later today or early next week on github.

Collaborator

snortadmin commented Apr 28, 2017

Oops, my email only went to back to bugs@. I asked this:

"That's an eth:icmp6 packet, which should be illegal, so our fix would be to fail to decode and drop when inline. Did you craft or capture your pcap?"

We have a fix that will be out later today or early next week on github.

@bshastry

This comment has been minimized.

Show comment
Hide comment
@bshastry

bshastry May 2, 2017

No worries. Shall I initiate a CVE for this or do you have a security process that already takes this into account?

The reason I ask is that FOSS projects differ in how they handle security bugs. I would like to know what snort's view is.

bshastry commented May 2, 2017

No worries. Shall I initiate a CVE for this or do you have a security process that already takes this into account?

The reason I ask is that FOSS projects differ in how they handle security bugs. I would like to know what snort's view is.

@snortadmin

This comment has been minimized.

Show comment
Hide comment
@snortadmin

snortadmin May 2, 2017

Collaborator

Actually that packet is eth:llc:snap:invalid but due to the Snort++ implementation and a bug in the llc codec (which includes the snap header) it looks to Snort++ like icmp6 and hence the crash.

We have a process. Someone will be contacting you. Thanks.

Collaborator

snortadmin commented May 2, 2017

Actually that packet is eth:llc:snap:invalid but due to the Snort++ implementation and a bug in the llc codec (which includes the snap header) it looks to Snort++ like icmp6 and hence the crash.

We have a process. Someone will be contacting you. Thanks.

@snortadmin

This comment has been minimized.

Show comment
Hide comment
@snortadmin

snortadmin May 4, 2017

Collaborator

This issue was fixed. The packet manager now does validation of the ether type and will raise 116:473, (decode) ether type out of range as appropriate.

Collaborator

snortadmin commented May 4, 2017

This issue was fixed. The packet manager now does validation of the ether type and will raise 116:473, (decode) ether type out of range as appropriate.

@snortadmin snortadmin closed this May 4, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment