[Snort-devel] Error in duplicate classification check (+ fix)
roesch at ...402...
Sun Oct 28 18:25:01 EST 2001
Patched and committed.
Craig Barraclough wrote:
> in parser.c
> if(!strncasecmp(current->type, data, strlen(current->type)))
> Problem: If classification type already loaded is the same as the beginning
> of another classification type, they will incorrectly match
> parsing snort.conf, classification 'suspicious', further parsing comes to
> classification 'suspicious-login'.
> strncasecmp('suspicious', 'suspicious-login', 10) will return the first 10
> chars are the same.
> This will incorrectly detect the new classification as a duplicate.
> Resolution: check strlen(data) == strlen(current->type) before
> PS I've already submitted a bug at sourceforge.
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
More information about the Snort-devel