[ossec-list] Segmentation fault if rules_id list is too large for firewall-drop

Peter M. Abraham Wed, 21 Nov 2007 13:50:35 -0800

Greetings:

When I add rule ID 20151 to be part of the active response chain in
/var/ossec/etc/ossec.conf and restart ossec, I get the following
segmentation
fault:


Starting OSSEC HIDS v1.4 (by Daniel B. Cid)...
/var/ossec/bin/ossec-control: line 248:  2941 Segmentation fault
${DIR}/bin/${i} -t
ossec-maild: Configuration error. Exiting

## BEFORE -- works

<command>firewall-drop</command>
<!-- original <location>local</location> -->
<location>all</location>
<rules_id>5712,5720,9952,100200,100210,100220,100230,100240</rules_id>
<timeout>28800</timeout>
</active-response>

## AFTER -- segmentation fault

<command>firewall-drop</command>
<!-- original <location>local</location> -->
<location>all</location>
<rules_id>5712,5720,9952,20151,100200,100210,100220,100230,100240</
rules_id>
<timeout>28800</timeout>
</active-response>

This has been submitted as http://www.ossec.net/bugs/show_bug.cgi?id=115

Please fix and advise.

Thank you.

[ossec-list] Segmentation fault if rules_id list is too large for firewall-drop

Reply via email to