[Snort-devel] [Patch] : detect missing semicolon after content

Steven Sturges steve.sturges at ...402...
Tue May 17 08:43:01 EDT 2005


We'll look at this for the next release cycle.
We've are currently working on getting Snort 2.4RC1 ready.

Cheers.
-steve 

> -----Original Message-----
> From: snort-devel-admin at lists.sourceforge.net 
> [mailto:snort-devel-admin at lists.sourceforge.net] On Behalf Of 
> Erik de Castro Lopo
> Sent: Monday, May 16, 2005 11:16 PM
> To: snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] [Patch] : detect missing semicolon 
> after content
> 
> On Tue, 10 May 2005 13:36:32 +1000
> Erik de Castro Lopo <erikd+snort at ...2292...> wrote:
> 
> > RCS file: /cvsroot/snort/src/detection-plugins/sp_pattern_match.c,v
> > retrieving revision 1.65
> > Hi all,
> > 
> > Here is a patch for a bug I mentioned on the list late last week.
> 
> OK, its been a week and I have seen zero response on this issue.
> 
> Let me recap; this bug allows a rule author to write a rule 
> where he thinks he is specifying case insenstive content 
> matching but is in fact specifying case sensitive content matching.
> 
> The patch is inclued again below.
> 
> Erik
> 
> diff -u -r1.65 sp_pattern_match.c
> --- src/detection-plugins/sp_pattern_match.c    28 Jan 2005 
> 21:25:15 -0000      1.65
> +++ src/detection-plugins/sp_pattern_match.c    10 May 2005 
> 03:28:52 -0000
> @@ -1262,6 +1262,7 @@
>      char *idx;
>      char *dummy_idx;
>      char *dummy_end;
> +    char *tmp;
>      char hex_buf[3];
>      u_int dummy_size = 0;
>      int size;
> @@ -1316,6 +1317,18 @@
>      /* Move the null termination up a bit more */
>      *end_ptr = '\0';
>  
> +    /* Is there anything other than whitespace after the 
> trailing double quote? */
> +    tmp = end_ptr + 1;
> +    while (*tmp != '\0' && isspace (*tmp))
> +        tmp++;
> +
> +    if (strlen (tmp) > 0)
> +    {
> +        FatalError("%s(%d) => Bad data (possibly due to 
> missing semicolon) "
> +                    "after trailing double quote.",
> +                    file_name, file_line, end_ptr + 1);
> +    }
> +
>      /* how big is it?? */
>      size = end_ptr - start_ptr;
> 
> 
> --
> -------------------------------------------------------
> [N] Erik de Castro Lopo, Senior Computer Engineer [E] 
> erik.de.castro.lopo at ...2292...
> [W] http://www.sensorynetworks.com
> [T] +61 2 83022726
> [F] +61 2 94750316
> [A] L6/140 William St, East Sydney NSW 2011, Australia
> -------------------------------------------------------
> A good debugger is no substitute for a good test suite.
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by Oracle Space Sweepstakes
> Want to be the first software developer in space?
> Enter now for the Oracle Space Sweepstakes!
> http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 





More information about the Snort-devel mailing list