[Snort-devel] modification in parser.c

Federico Castañeda F_CASTANEDA at ...2487...
Tue Apr 20 06:32:08 EDT 2004


Send it again in diff format. Sorry.
 
--- snort-2.1.2/src/parser.c    2004-02-04 16:51:12.000000000 -0300
+++ snort-2.1.2-fede/src/parser.c       2004-04-20 10:27:45.000000000 -0300
@@ -1993,8 +1993,8 @@
                         "address list\n", toks[i]););
             tmp = toks[i];
             while (isspace((int)*tmp)||*tmp=='[') tmp++;
-            enbracket = strrchr(tmp, (int)']'); /* null out the en-bracket
*/
-            if(enbracket) *enbracket = '\x0';
+            while ( (enbracket = strrchr(tmp, (int)']')) )
+               *enbracket = '\x0';
 
             if (strlen(tmp) == 0)
                 continue;


-----Original Message-----
From: Federico Castañeda [mailto:F_CASTANEDA at ...2487...]
Sent: Monday, April 19, 2004 3:13 PM
To: 'snort-devel at lists.sourceforge.net'
Subject: [Snort-devel] modification in parser.c



Hi, 

I made a modification to the file parser.c to support multiple variable
reference like this one: 

var     AAA     1.1.1.1 
var     BBB     1.1.1.2 
var     CCC     2.2.2.1 
var     DDD     2.2.2.2 

var     AABB    [$AAA,$BBB] 
var     CCDD    [$CCC,$DDD] 

var     ZZZ     [$AABB,$CCDD] 

De modification was in function ProcessIP() line 2001: 

replace: 

enbracket = strrchr(tmp, (int)']'); /* null out the en-bracket */ 
if(enbracket) 
      *enbracket = '\x0'; 

with: 

while ( enbracket = strrchr(tmp, (int)']')) 
        *enbracket = '\x0'; 


Please take in consideration to include in next release of Snort. 

Thanks in advance, 

Best regards, 

Federico. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20040420/e9edd219/attachment.html>


More information about the Snort-devel mailing list