[Snort-devel] bug in spp_http_decode.c - patch included
cmg at ...402...
Sun Mar 31 18:31:11 EST 2002
"Oliver Friesen" <oliver_friesen at ...445...> writes:
> System Architecture: x86
> Operating System and version: Linux 2.4.5
> What rules (if any) you were using: out of the box defaults
> What command line switches you were using: -X -c -l
> Any Snort error messages: n/a
> http_decode doesn't correctly adjust the packet size or move forward
> the remainder of the request after it has converted escaped
> characters. I discovered this problem due to an actual attack.
Munging the packet is a kludge and always has been unfortunately. In
the head branch, I just made some (untested for Unicode stuff) changes
to only use URI.uri and actually munge the packet.
I'll look at your changes for 1.8.5 tommorrow
Chris Green <cmg at ...402...>
Laugh and the world laughs with you, snore and you sleep alone.
More information about the Snort-devel