[Snort-devel] [PATCH]: Use uint8_t for protocol in some Stream5 functions

Joshua.Kinard at ...3108...
Tue Sep 13 23:52:08 EDT 2011


Hi snort-devel,

I noticed that for several function calls in the Stream5 code, a signed
char was being used for the protocol.  Right now, supported Snort
protocols, ICMP, TCP, and UDP, are all under 128 (1, 6, and 17).  For
protocols >128, this would roll over into a negative number, making
a conditional on the IPPROTO_* macro useless because those macros are
only returning a positive number between 1 and 255.

Per include/linux/in.h (as of 3.0), this would affect IPPROTO_SCTP and
IPPROTO_UDPLITE.

Patch is attached.  There might be more cases in the code, but I only
did a quick grep for "char proto" and fixed the obvious cases.  Other
'protocol' variables are already uint8_t.

Thanks!

--J


PS, cvs.snort.org appears to be messed up again.  Attempt to view any
diff changes on any files reports this:

===================================================================
RCS file: /usr/jail/cvsroot/snort/src/decode.c,v
retrieving revision 1.171
Unable to create temp directory: Too many links

Can someone fix this, as that's the only Snort history log I know of.
Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort-291-protocol-should-be-unsigned.patch
Type: application/octet-stream
Size: 5001 bytes
Desc: snort-291-protocol-should-be-unsigned.patch
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20110913/a6ae3094/attachment.obj>
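The rollover described in the message, as an added example that is not taken from the post or from the attached patch: the same dispatch is reached once through a `signed char` parameter and once through a `uint8_t` one. The `EX_*` names, the handler enum and the lookup functions are hypothetical; the protocol numbers are the ones named in the message and in include/linux/in.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Protocol numbers as in include/linux/in.h, defined locally (assumed names). */
#define EX_IPPROTO_ICMP    1
#define EX_IPPROTO_TCP     6
#define EX_IPPROTO_UDP     17
#define EX_IPPROTO_SCTP    132
#define EX_IPPROTO_UDPLITE 136

/* Hypothetical handler ids; this is not Stream5 code. */
enum ex_handler { EX_H_NONE, EX_H_ICMP, EX_H_TCP, EX_H_UDP, EX_H_SCTP, EX_H_UDPLITE };

/* The comparison against the macros happens on an int, as in a switch. */
static enum ex_handler ex_dispatch(int proto)
{
    switch (proto) {
    case EX_IPPROTO_ICMP:    return EX_H_ICMP;
    case EX_IPPROTO_TCP:     return EX_H_TCP;
    case EX_IPPROTO_UDP:     return EX_H_UDP;
    case EX_IPPROTO_SCTP:    return EX_H_SCTP;
    case EX_IPPROTO_UDPLITE: return EX_H_UDPLITE;
    default:                 return EX_H_NONE;
    }
}

/* Before: 132 stored in a signed char becomes -124 on common compilers
 * (the conversion is implementation-defined), so no case label matches. */
enum ex_handler ex_lookup_signed(signed char proto)
{
    return ex_dispatch(proto);
}

/* After: uint8_t keeps the full 0..255 range of the IP protocol field. */
enum ex_handler ex_lookup_unsigned(uint8_t proto)
{
    return ex_dispatch(proto);
}

int main(void)
{
    /* Constructed sample: protocol bytes as they would appear in an IP header. */
    const uint8_t wire[] = { 1, 6, 17, 132, 136 };
    for (size_t i = 0; i < sizeof wire; i++)
        printf("proto %3u: signed char -> handler %d, uint8_t -> handler %d\n",
               (unsigned)wire[i],
               (int)ex_lookup_signed((signed char)wire[i]),
               (int)ex_lookup_unsigned(wire[i]));
    return 0;
}
```

For a detection engine the practical effect is that traffic with a protocol number of 128 or above falls through to the default branch unnoticed instead of reaching its handler.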