[Snort-devel] Byte order problem in icmp_seq check.

Martin Roesch roesch at ...402...
Sun Jun 23 08:02:03 EDT 2002


Patched and committed.

    -Marty


On 6/22/02 6:31 PM, "Andreas Östling" <andreaso at ...387...> wrote:

> 
> There seems to be an issue with the icmp_seq check in at least 1.8.7beta
> build 127 and 1.9-dev build 161 on OpenBSD 3.1/i386.
> 
> In IcmpSeqCheck(), p->icmph->s_icmp_seq which is in network byte order is
> compared to ((IcmpSeqData *) otn->ds_list[PLUGIN_ICMP_SEQ_CHECK])->icmpseq
> which is in host byte order.
> 
> I believe this patch should fix it. (Similar to what's in
> sp_icmp_id_check.c).
> 
> 
> --- sp_icmp_seq_check.c Sun Jun 23 00:09:00 2002
> +++ sp_icmp_seq_check.c Sun Jun 23 00:09:40 2002
> @@ -133,6 +133,7 @@
>    while(isspace((int)*data)) data++;
> 
>    ds_ptr->icmpseq = atoi(data);
> +    ds_ptr->icmpseq = htons(ds_ptr->icmpseq);
> 
> #ifdef DEBUG
>    printf("Set ICMP Seq test value to %d\n", ds_ptr->icmpseq);
> 
> 
> 
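Review bot: the printf under #ifdef DEBUG in the trailing context now runs after the added htons() line, so on a little-endian host it prints the byte-swapped value instead of the sequence number written in the rule. Print ntohs(ds_ptr->icmpseq) there, or move the conversion below the debug block. Separately, the value still comes straight from atoi(data) with no range check, so a rule argument above 65535 is silently truncated when passed to htons(), and a non-numeric one becomes 0. Parsing with strtol() and rejecting out-of-range input would make a bad rule fail at load time.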
> Regards,
> Andreas Östling
> 
> 
> 
> 


-- 
Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
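The byte-order mismatch discussed in this thread, as an added example that is not Snort's code and not part of either message: a rule value kept in host order is compared against the sequence field as it sits in the packet, next to a version that converts once at rule-parse time. The struct, the function names and the sample packet bytes are hypothetical and constructed for illustration.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed ICMP echo request header: type 8, code 0, checksum left zero
 * (not verified here), id 0x1234, seq 256 (bytes 0x01 0x00 on the wire). */
static const uint8_t sample_echo[8] = {0x08, 0x00, 0x00, 0x00,
                                       0x12, 0x34, 0x01, 0x00};

/* Hypothetical stand-in for the rule option data; holds network byte order. */
struct seq_rule { uint16_t icmpseq; };

/* Read the seq field (offset 6) as raw bytes, which is what a struct overlay
 * on the packet buffer yields: a value in network byte order. */
static uint16_t wire_seq(const uint8_t *icmp) {
    uint16_t v;
    memcpy(&v, icmp + 6, sizeof v);
    return v;
}

/* Parse the rule argument, reject anything outside 0..65535, and convert to
 * network order once so the per-packet check is a plain compare. */
static int parse_seq_rule(const char *arg, struct seq_rule *r) {
    char *end;
    long n = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || n < 0 || n > 65535) return -1;
    r->icmpseq = htons((uint16_t)n);
    return 0;
}

/* Behaviour with the conversion in place: both sides are in network order. */
static int seq_match_fixed(const struct seq_rule *r, const uint8_t *icmp) {
    return r->icmpseq == wire_seq(icmp);
}

/* Behaviour as reported: host-order rule value against network-order field. */
static int seq_match_host_order(uint16_t host_value, const uint8_t *icmp) {
    return host_value == wire_seq(icmp);
}

int main(void) {
    struct seq_rule r;
    if (parse_seq_rule("256", &r) != 0) return 1;
    printf("fixed compare, rule 256:      %d\n", seq_match_fixed(&r, sample_echo));
    printf("host-order compare, rule 256: %d\n", seq_match_host_order(256, sample_echo));
    printf("host-order compare, rule 1:   %d\n", seq_match_host_order(1, sample_echo));
    return 0;
}
```

On a little-endian host the host-order compare misses the packet for rule value 256 and matches it for rule value 1, so the mismatch produces both missed and spurious matches.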




