[Snort-devel] spo_database.c fix for Oracle DB's

Joel Esler eslerj at ...2499...
Wed Jun 15 12:17:39 EDT 2005


Jeremy et all...

Here's the correct diff for the Oracle output database plugin I was
talking about earlier.  This should use the cast_to_raw command if the
database is oracle, and if not, it should ignore it.

I think it's written correctly, (it compiles right.. but we all know
what that means...) but I need someone to double check it.

Joel

/** This is the diff of the old src/output-plugins/spo_database.c and
the new src/output-plugins/spo_database.c **/

1619,1629c1619,1645
<                     snprintf(query->val, (p->dsize * 2) +
MAX_QUERY_LENGTH - 3,
<                             "INSERT INTO "
<                             "data (sid,cid,data_payload) "
<                             "VALUES ('%u','%u','%s",
<                             data->shared->sid,
<                             data->shared->cid,
<                             packet_data);
<                     strcat(query->val, "')");
<                     free (packet_data);                packet_data = NULL;
<                     free (packet_data_not_escaped);   
packet_data_not_escaped = NULL;
<                 }
---
>                   if(data->shared->dbtype_id == DB_ORACLE)
>                   {
>                       snprintf(query->val, (p->dsize * 2) + MAX_QUERY_LENGTH - 3,
>                               "INSERT INTO "
>                               "data (sid,cid,data_payload) "
>                               "VALUES ('%u','%u',utl_raw.cast_to_raw('%s",
>                               data->shared->sid,
>                               data->shared->cid,
>                               packet_data);
>                       strcat(query->val, "'))");
>                       free (packet_data);                packet_data = NULL;
>                       free (packet_data_not_escaped);    packet_data_not_escaped = NULL;
>                     }
>                   else
>                   {
>                       snprintf(query->val, (p->dsize * 2) + MAX_QUERY_LENGTH - 3,
>                               "INSERT INTO "
>                               "data (sid,cid,data_payload) "
>                               "VALUES ('%u','%u','%s",
>                         data->shared->sid,
>                         data->shared->cid,
>                         packet_data);
>                       strcat(query->val, "')");
>                       free (packet_data);                packet_data = NULL;
>                       free (packet_data_not_escaped);    packet_data_not_escaped = NULL;
>                   }
>               }
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff.out
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20050615/3e74165c/attachment.ksh>


More information about the Snort-devel mailing list