[Snort-devel] inBounds() fix less or equal to end ptr
rmkml at ...879...
Sun Jan 25 14:14:09 EST 2009
I'm working with Snort v220.127.116.11 (and previous) with this rule:
alert udp any any -> any any (msg:"work1"; isdataat:1024; sid:90005;)
Same problem with a TCP rule:
alert tcp any any -> any any (msg:"work2"; isdataat:1024; sid:90006;)
But these rules do not match if UDP/TCP packets have a payload/data size of 1024!
With this patch (attached diff), these rules work:
+++ src/bounds.h 2009-01-25 22:33:19.000000000 +0100
static INLINE int inBounds(const u_int8_t *start, const u_int8_t *end, const u_int8_t *p)
- if(p >= start && p < end)
+ if(p >= start && p <= end)
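Review bot: the new condition "p <= end" makes inBounds() return true when p == end, and nothing in the hunk says whether end points at the last valid byte or one past it. If end is one past the payload, which the original "p < end" suggests, any caller that dereferences p after this check would read one byte beyond the buffer. inBounds() is a shared helper in src/bounds.h, so this relaxes the check for every caller, not only isdataat. I would keep inBounds() strict and handle the "payload is exactly N bytes" case in the isdataat option's own comparison, or add a separate helper for positions that may equal end, with a comment stating which convention end follows.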
Please credit Crusoe Researches.