[Snort-devel] Patches for spo_database

Thomas Whipp tkw at ...415...
Thu Jul 26 07:39:43 EDT 2001


Hi all,

	while playing around with the database output here
we have found that the TCP options parsing done in the
database output is incorrect - specifically it does not take
into account the 2 bytes used for the option code and length
when encoding the option value.

Kudos for the patch needs to go to Thomas Gill (a summer
student here) - we've tested this with snort-1.7 but not
1.8, however by the look of the code it should be fine.

regards

	Tom

PS:
Patches are attached for the latest spo_database and the one
bundled with the snort 1.7 download.
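
The length accounting described in the message above, as an added example that is not part of the original post or of Snort's code: a TCP option's length byte counts the kind and length bytes themselves, so the value to encode is len - 2 bytes long. The function name tcp_opt_value_hex and the sample option bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: MSS, NOP, window scale, NOP, NOP, timestamp. */
static const uint8_t SAMPLE_OPTS[] = {
    0x02, 0x04, 0x05, 0xB4, 0x01, 0x03, 0x03, 0x07, 0x01, 0x01,
    0x08, 0x0A, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02 };

/* Hypothetical helper: hex-encode the value of the idx-th option in a raw
 * TCP options area. Returns the value length, or -1 if malformed/absent. */
int tcp_opt_value_hex(const uint8_t *opts, size_t optlen, int idx,
                      char *out, size_t outsz)
{
    static const char hx[] = "0123456789ABCDEF";
    size_t off = 0;
    for (int n = 0; off < optlen; n++) {
        uint8_t kind = opts[off];
        size_t len = 1, vlen = 0;   /* EOL(0)/NOP(1): one byte, no length field */
        if (kind > 1) {
            if (off + 1 >= optlen) return -1;              /* length byte missing */
            len = opts[off + 1];
            if (len < 2 || off + len > optlen) return -1;  /* bogus or overrunning */
            vlen = len - 2;         /* strip the kind and length bytes */
        }
        if (n == idx) {
            if (2 * vlen + 1 > outsz) return -1;           /* output too small */
            for (size_t i = 0; i < vlen; i++) {
                uint8_t b = opts[off + 2 + i];
                out[2 * i] = hx[b >> 4];
                out[2 * i + 1] = hx[b & 0x0F];
            }
            out[2 * vlen] = '\0';
            return (int)vlen;
        }
        if (kind == 0) break;       /* end of option list */
        off += len;
    }
    return -1;
}

int main(void)
{
    char hex[81];
    for (int i = 0; tcp_opt_value_hex(SAMPLE_OPTS, sizeof SAMPLE_OPTS, i, hex, sizeof hex) >= 0; i++)
        printf("option %d value: %s\n", i, hex);
    return 0;
}
```

Using the full length byte as the value length would read two bytes past each option's value, which for the last option in a packet means reading beyond the options area.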





