[Oisf-devel] fix segment fault if http app layer parser is not enabled

Peter Manev petermanev at gmail.com
Sun Jan 8 09:39:49 UTC 2012 

thanks !

On Sun, Jan 8, 2012 at 6:02 AM, Delta Yeh <delta.yeh at gmail.com> wrote:

> Both or  the second one only.
>
> The first patch fix #234 which support enable/disable  app layer
> parser in suricata.yaml file.
>
>  The second patch fix a segment fault if http app layer parser is disabled
> in suricata.yaml because some API exposed by http parser  is called in
> suricata.c.
>
> The app layer parser init is done in a thread module  so we can't
> ensure the init function is called before the API called in suricata.c
>
> So if you apply the first patch, you should also patch the second one.
>
>
>
>
> 2012/1/8 Peter Manev <petermanev at gmail.com>:
> >
> >
> > On Fri, Jan 6, 2012 at 3:00 PM, Victor Julien <victor at inliniac.net>
> wrote:
> >>
> >> On 01/06/2012 02:24 PM, Delta Yeh wrote:
> >> > Hi all,
> >> >   The attachment is the patch to fix segment fault if http app layer
> >> > parser is not enabled.
> >> > This bug is introduced when fix #234.
> >> >
> >> > I would be appreciated if someone will review it.
> >>
> >> It would probably be a good idea to invalidate all signatures that use
> >> http_* content modifiers and "alert http" as well if the app layer
> >> module is disabled.
> >>
> >> --
> >> ---------------------------------------------
> >> Victor Julien
> >> http://www.inliniac.net/
> >> PGP: http://www.inliniac.net/victorjulien.asc
> >> ---------------------------------------------
> >>
> >> _______________________________________________
> >> Oisf-devel mailing list
> >> Oisf-devel at openinfosecfoundation.org
> >> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> >
> >
> > should we use just this patch , or should we use it over the previous one
> > you sent ?
> > Thanks
> >
> > --
> > Peter Manev
>



-- 
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120108/4ca5573b/attachment-0002.html>

More information about the Oisf-devel mailing list