[Snort-devel] [Snort-Devel] bug in http preprocessor and non ascii characters 2.8.6.1

Ryan Jordan ryan.jordan at ...402...
Wed Mar 16 13:43:13 EDT 2011


Before submitting a bug, please update to a newer version of Snort.
The latest version is 2.9.0.4.

On Wed, Mar 16, 2011 at 1:26 PM, Joel Esler <jesler at ...402...> wrote:
> Please see.
>
> http://www.snort.org/snort-downloads/submit-a-bug
>
>
> Thank you.
>
> --
> Sent from my iPhone
> Forgive my misspellings and briefness
>
> On Mar 16, 2011, at 1:02 PM, matan monitz <mmonitz at ...2499...> wrote:
>
>> hello
>> i am encountering runaway uri buffers when inspecting packets with non ascii characters in the uri
>> what basically happens is that for some reason if the uri contains non printable letters (hebrew ansi from IE for instance) the uri buffer gets filled with header data resulting in false positives
>> i haven't tested the buffers using the methods described in the recent blog post but have tested it with custom rules and was able to recreate the bug
>> is this a known bug or some configuration option i'm missing?
>>  i can post the test pcaps and rules if needed
>>
>> ------------------------------------------------------------------------------
>> Colocation vs. Managed Hosting
>> A question and answer guide to determining the best fit
>> for your organization - today and in the future.
>> http://p.sf.net/sfu/internap-sfd2d
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>
> ------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>




More information about the Snort-devel mailing list