Where to report bugs

[bshastry]

Hi,

I have been testing snort3 and have managed to find program crashes in read pcap mode. Where do I report them?

Thanks!
Bhargava

[bshastry]

Oops, didn't read carefully enough. They need to be sent to bugs@snort.org

Sorry!

[snortadmin]

Feel free to report on Snort++ issues here. We check both. We will follow up on this one at bugs@. Thanks.

[bshastry]

Mailed a report to bugs@snort.org. Waiting on your acknowledgement :-)

[bshastry]

Heho, re-opening since I didn't get a response from bugs@snort.org

[snortadmin]

Oops, my email only went to back to bugs@. I asked this:

"That's an eth:icmp6 packet, which should be illegal, so our fix would be to fail to decode and drop when inline. Did you craft or capture your pcap?"

We have a fix that will be out later today or early next week on github.

[bshastry]

No worries. Shall I initiate a CVE for this or do you have a security process that already takes this into account?

The reason I ask is that FOSS projects differ in how they handle security bugs. I would like to know what snort's view is.

[snortadmin]

Actually that packet is eth:llc:snap:invalid but due to the Snort++ implementation and a bug in the llc codec (which includes the snap header) it looks to Snort++ like icmp6 and hence the crash.

We have a process. Someone will be contacting you. Thanks.

[snortadmin]

This issue was fixed. The packet manager now does validation of the ether type and will raise 116:473, (decode) ether type out of range as appropriate.