Parsing a badly-formatted rule ends in seg fault #58

imbellish · 2017-09-08T20:41:47Z

To reproduce:

>>> from idstools import rule
>>> rule.parse_file('snort.rules')

NOTE: the second rule is missing a semi-colon after metadata, an obvious cause, but a typo on my part.

snort.rules

 drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )
 alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; gid:0; sid:10000001; rev:1; classtype: icmp-event; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop)
 alert ip any any -> any any (msg: "IP Packet detected"; gid:0; sid:10000002; rev:1; classtype:icmp-event; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop;)
 alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )

Version information:
I tested this out on two different python versions since seg faults are unusual. Not sure if it affects python 3 but I'd guess that it does.

Python 2.7.6, 2.7.9
idstools 0.6.1, 0.6.2

The text was updated successfully, but these errors were encountered:

Infinite loop would be entered. Issue: #58

jasonish · 2017-11-20T20:49:33Z

Thanks. This should be fixed in master now.

jasonish added a commit that referenced this issue Nov 20, 2017

issue 58: fix case where last rule option is missing ;

cf5980b

Infinite loop would be entered. Issue: #58

jasonish closed this as completed Nov 20, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Parsing a badly-formatted rule ends in seg fault #58

Parsing a badly-formatted rule ends in seg fault #58

imbellish commented Sep 8, 2017

jasonish commented Nov 20, 2017

Parsing a badly-formatted rule ends in seg fault #58

Parsing a badly-formatted rule ends in seg fault #58

Comments

imbellish commented Sep 8, 2017

jasonish commented Nov 20, 2017