ports/154868: patches snort 2.9.0.4 for segfault in HttpInspect and failure to build without --enable-dynamicplugins

Dean Freeman wfreeman at sourcefire.com
Fri Feb 18 18:10:09 UTC 2011


>Number:         154868
>Category:       ports
>Synopsis:       patches snort 2.9.0.4 for segfault in HttpInspect and failure to build without --enable-dynamicplugins
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 18 18:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Dean Freeman
>Release:        8-STABLE
>Organization:
Sourcefire, Inc
>Environment:
FreeBSD wdf-wrk1-freebsd-curr-x64.sfeng.sourcefire.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010     root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64
>Description:
Snort 2.9.0.4 will fail to build if --enable-dynamicplugin is not passed to configure.  A patch supplied by Michael Scheidell fixes this.  In addition, the VRT has issued a patch to avoid a potential segfault in the HttpInspect sources hi_client.c and hi_server.c.

This patch bumps the port revision from 2.9.0.4_1 to 2.9.0.4_2.
>How-To-Repeat:

>Fix:
diff -ur snort/Makefile /usr/ports/security/snort/Makefile
--- snort/Makefile	2011-02-18 07:22:59.000000000 -0500
+++ /usr/ports/security/snort/Makefile	2011-02-13 17:17:19.000000000 -0500
@@ -7,7 +7,7 @@
 
 PORTNAME=	snort
 PORTVERSION=	2.9.0.4
-PORTREVISION=	2	
+PORTREVISION=	1
 CATEGORIES=	security
 MASTER_SITES=	SF/snort/snort
 
diff -ur snort/files/patch-DisableDynamic /usr/ports/security/snort/files/patch-DisableDynamic
--- snort/files/patch-DisableDynamic	2011-02-18 07:28:02.000000000 -0500
+++ /usr/ports/security/snort/files/patch-DisableDynamic	2011-02-18 07:32:57.000000000 -0500
@@ -1,110 +0,0 @@
-? cflags.out
-? cppflags.out
-? cscope.out
-? disabledynamic.patch
-? http.patch
-? log
-? make.out
-? rules.work
-? snort-build.sh
-? snort.pc
-? ylwrap
-? etc/snort.conf.work
-? src/dynamic-preprocessors/rzb_saac/Makefile
-? tools/u2boat/u2boat
-? tools/u2spewfoo/u2spewfoo
-Index: src/fpcreate.c
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/fpcreate.c,v
-retrieving revision 1.107.2.2
-diff -u -p -r1.107.2.2 fpcreate.c
---- src/fpcreate.c	11 Jan 2011 22:54:40 -0000	1.107.2.2
-+++ src/fpcreate.c	17 Feb 2011 20:06:49 -0000
-@@ -70,6 +70,8 @@
- #include "dynamic-plugins/sp_preprocopt.h"
- #endif
- 
-+#include "dynamic-plugins/sf_dynamic_define.h"
-+
-   
- /*
-  *  Content flag values
-@@ -1810,9 +1812,11 @@ static int fpAddPortGroupRule(PORT_GROUP
-         fpAddAllContents(pg->pgPms[PM_TYPE__CONTENT], otn, id, pmd, fp);
- #endif
- 
-+#ifdef DYNAMIC_PLUGIN
-     /* No content added */
-     if (pmd == preproc_opt_pmds)
-         FreePmdList(pmd);
-+#endif
- 
-     if (fpFinishPortGroupRule(pg, PM_TYPE__MAX, otn, NULL, fp) != 0)
-         return -1;
-Index: src/dynamic-plugins/sf_dynamic_define.h
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_define.h,v
-retrieving revision 1.15.4.1
-diff -u -p -r1.15.4.1 sf_dynamic_define.h
---- src/dynamic-plugins/sf_dynamic_define.h	3 Jan 2011 19:58:05 -0000	1.15.4.1
-+++ src/dynamic-plugins/sf_dynamic_define.h	17 Feb 2011 20:06:49 -0000
-@@ -96,5 +96,15 @@ typedef enum {
- #endif
- #endif
- 
-+/* Parameters are rule info pointer, int to indicate URI or NORM,
-+ * and list pointer */
-+#define CONTENT_NORMAL            0x01
-+#define CONTENT_HTTP_URI          0x02
-+#define CONTENT_HTTP_HEADER       0x04
-+#define CONTENT_HTTP_CLIENT_BODY  0x08
-+#define CONTENT_HTTP_METHOD       0x10
-+#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
-+                CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
-+
- #endif /* _SF_DYNAMIC_DEFINE_H_ */
- 
-Index: src/dynamic-plugins/sf_dynamic_engine.h
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/dynamic-plugins/sf_dynamic_engine.h,v
-retrieving revision 1.54.2.1
-diff -u -p -r1.54.2.1 sf_dynamic_engine.h
---- src/dynamic-plugins/sf_dynamic_engine.h	3 Jan 2011 19:58:06 -0000	1.54.2.1
-+++ src/dynamic-plugins/sf_dynamic_engine.h	17 Feb 2011 20:06:49 -0000
-@@ -77,15 +77,6 @@ typedef struct _FPContentInfo
- 
- } FPContentInfo;
- 
--/* Parameters are rule info pointer, int to indicate URI or NORM,
-- * and list pointer */
--#define CONTENT_NORMAL            0x01
--#define CONTENT_HTTP_URI          0x02
--#define CONTENT_HTTP_HEADER       0x04
--#define CONTENT_HTTP_CLIENT_BODY  0x08
--#define CONTENT_HTTP_METHOD       0x10
--#define CONTENT_HTTP (CONTENT_HTTP_URI|CONTENT_HTTP_HEADER|\
--        CONTENT_HTTP_CLIENT_BODY|CONTENT_HTTP_METHOD)
- typedef int (*GetDynamicContentsFunction)(void *, int, FPContentInfo **);
- typedef int (*GetDynamicPreprocOptFpContentsFunc)(void *, FPContentInfo **);
- typedef void (*RuleFreeFunc)(void *);
-Index: src/preprocessors/Stream5/snort_stream5_tcp.c
-===================================================================
-RCS file: /usr/cvsroot/sfeng/ims/sfsnort/snort/src/preprocessors/Stream5/snort_stream5_tcp.c,v
-retrieving revision 1.296.2.5
-diff -u -p -r1.296.2.5 snort_stream5_tcp.c
---- src/preprocessors/Stream5/snort_stream5_tcp.c	7 Jan 2011 20:06:05 -0000	1.296.2.5
-+++ src/preprocessors/Stream5/snort_stream5_tcp.c	17 Feb 2011 20:06:49 -0000
-@@ -816,12 +816,12 @@ void Stream5TcpRegisterRuleOptions(void)
-     RegisterPreprocessorRuleOption("stream_reassemble", &s5TcpStreamReassembleRuleOptionInit,
-                                    &s5TcpStreamReassembleRuleOptionEval, &s5TcpStreamReassembleRuleOptionCleanup,
-                                    NULL, NULL, NULL, NULL);
--#endif
- 
- #ifdef PERF_PROFILING
-     RegisterPreprocessorProfile("stream_size", &streamSizePerfStats, 4, &preprocRuleOptionPerfStats);
-     RegisterPreprocessorProfile("reassemble", &streamReassembleRuleOptionPerfStats, 4, &preprocRuleOptionPerfStats);
- #endif
-+#endif
- 
- }
- 
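Review bot: This diff appears to have been generated with its two directories swapped, so every hunk removes what the description says is being added. That covers this file, the Makefile hunk (`PORTREVISION` goes from 2 to 1) and the `patch-HttpInspect` hunk, and applying the submission as-is would not produce 2.9.0.4_2. Regenerating it as `diff -ur /usr/ports/security/snort snort` would match the description. Inside this patch file, the leading `? cflags.out` … `? tools/u2spewfoo/u2spewfoo` lines and the `RCS file:` / `retrieving revision` lines are `cvs diff` output from the upstream work tree; they expose internal tree paths and could be dropped before the file is committed to the port.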
diff -ur snort/files/patch-HttpInspect /usr/ports/security/snort/files/patch-HttpInspect
--- snort/files/patch-HttpInspect	2011-02-18 07:21:22.000000000 -0500
+++ /usr/ports/security/snort/files/patch-HttpInspect	2011-02-18 07:32:51.000000000 -0500
@@ -1,27 +0,0 @@
-Index: src/preprocessors/HttpInspect/client/hi_client.c
-===================================================================
-diff -u -p -r1.97.2.2 hi_client.c
---- src/preprocessors/HttpInspect/client/hi_client.c	27 Jan 2011 00:15:39 -0000	1.97.2.2
-+++ src/preprocessors/HttpInspect/client/hi_client.c	17 Feb 2011 18:48:41 -0000
-@@ -1907,6 +1907,8 @@ static INLINE const u_char *hi_client_ex
-         return p;
-     }
-     header_ptr->content_len.len = 0;
-+    header_ptr->header.uri = start;
-+    header_ptr->header.uri_end = end;
- 
-     /* This is to skip past the HTTP/1.0 (or 1.1) version string */
-     if (IsHttpVersion(&p, end))
-Index: src/preprocessors/HttpInspect/server/hi_server.c
-===================================================================ls
-diff -u -p -r1.59.2.3 hi_server.c
---- src/preprocessors/HttpInspect/server/hi_server.c	27 Jan 2011 00:15:56 -0000	1.59.2.3
-+++ src/preprocessors/HttpInspect/server/hi_server.c	17 Feb 2011 18:48:41 -0000
-@@ -601,6 +601,7 @@ static INLINE const u_char *hi_server_ex
-     offset = (u_char*)p;
- 
-     header_ptr->header.uri = p;
-+    header_ptr->header.uri_end = end;
-     header_ptr->content_encoding.compress_fmt = 0;
-     header_ptr->content_len.len = 0;
- 
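Review bot: In the `hi_client.c` hunk the added `header_ptr->header.uri = start;` and `header_ptr->header.uri_end = end;` sit after the early `return p;` visible just above them, so that exit path leaves both fields as they were. If callers read `header.uri` or `header.uri_end` after that return, the two assignments belong before the early-return check; this cannot be confirmed here because the function starts and ends outside the hunk. The `hi_server.c` hunk sets `uri_end` directly beside `uri`, and a comment such as `/* always set uri and uri_end as a pair (VRT fix for a potential segfault) */` at both sites would record why the lines exist. Separately, the `=====` separator line before the `hi_server.c` diff ends in a stray `ls`, which should be removed from the patch file.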

>Release-Note:
>Audit-Trail:
>Unformatted:


