[Snort-devel] [ snort-Bugs-475865 ] Error in duplicate classification check

noreply at ...12... noreply at ...12...
Sun Oct 28 17:32:03 EST 2001


Bugs item #475865, was opened at 2001-10-28 17:27
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=475865&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Craig Barraclough (craigba)
Assigned to: Nobody/Anonymous (nobody)
Summary: Error in duplicate classification check

Initial Comment:
in parser.c

if(!strncasecmp(current->type, data, strlen(current-
>type)))

Problem: If classification type already loaded is the 
same as the beginning of another classification type, 
they will incorrectly match

Example:
parsing snort.conf, classification 'suspicious', 
further parsing comes to classification 'suspicious-
login'.
strncasecmp('suspicious', 'suspicious-login', 10) will 
return the first 10 chars are the same. This will 
incorrectly detect the new classification as a 
duplicate.


Resolution: check strlen(data) == strlen(current-
>type) before strncasecmp(....)


----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=475865&group_id=3357




More information about the Snort-devel mailing list