[Snort-devel] Bug in fpEvalHeaderTcp/Udp ?

Daniel Roelker droelker at ...402...
Tue Oct 22 14:02:02 EDT 2002


On 10/21/02 8:19 AM, "Dirk Geschke" <Dirk_Geschke at ...802...> wrote:

> Hi all,
> 
> I think this is a "design" error in fpdetect.c:
> 
>   1131 static INLINE int fpEvalHeaderTcp(Packet *p)
>   1132 {
>   1133     PORT_GROUP *src, *dst, *gen;
>   1134     int retval;
>   1135     unsigned short sp , dp;
>   1136 
>   1137     if(p->sp == 0)
>   1138         sp = -1;
>   1139     else
> 
> if 'sp' is unsinged short so what is sp = -1 ? I think the idea
> was not to use a default port of 65535 which is the result since
> in prmFindRuleGroup this variables (sp and dp) are mapped to int
> variables... (The behaviour for UDP is same.)
> 
> So the ports should be neither unsigned nor a short variable.
> 
> Best regards
> 
> Dirk

Thanks Dirk.  Actually, this port 0 test was a relic from initial versions
of our detection engine that never got removed.  The fix is just to take
these checks out.

-- 
Daniel Roelker
Software Engineer
droelker at ...402...

www.sourcefire.com
www.snort.org







More information about the Snort-devel mailing list