[Snort-devel] Where to do the stuff?

Todd Lewis tlewis at ...120...
Wed Jan 24 13:26:50 EST 2001


On Wed, 24 Jan 2001, Martin Roesch wrote:

> Please use strncmp() (actually, you should use strncasecmp()), people
> send me nasty emails when the search for "overflows" in the Snort source
> and see things like sprintf and strcmp and strcpy.

Leaving aside the fact that if they can plant a buffer overflow in your
config file, they, like, already have access to your config file and
stuff, I will do this.

> Put it in rules.c:EvalOpts() in the last "else" section, that's the code
> that gets called when a OTN has a successful match (hmm, someone should
> comment that... ;).  Here's the code block I'm talking about:
> 
>     else
>     {
>         /* rule match actions are called from EvalHeader */
>         otn_tmp = List;
>         return 1;
>     }

Wow, this was much cleaned up betwixt 1.6 and 1.7.  Ok, I will stick it
around there.

Thanks, Marty!

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz





More information about the Snort-devel mailing list