[Snort-devel] Bug; ts_print() reporting negative years before 2000

David Turnbull david at ...3316...
Mon Jul 23 19:55:33 EDT 2012


I was running some tests on some old data (DARPA 98 training set) and noticed the fast alert reporting a timestamp of '06/05/-2-11:55:15.566704'. Setting the packet timestamp to something very low, you get down to '06/05/-30-11:55:15.566704'.

diff --git a/src/util.c b/src/util.c
index b4b39e0..f87d693 100644
--- a/src/util.c
+++ b/src/util.c
@@ -254,9 +254,17 @@ void ts_print(register const struct timeval *tvp, char *timebuf)
 
     if (ScOutputIncludeYear())
     {
+        int year;
+        if (lt->tm_year < 70)
+            // 00 .. 69
+            year = lt->tm_year - 100;
+        else
+            // 70 ... 99
+            year = lt->tm_year;
+
         (void) SnortSnprintf(timebuf, TIMEBUF_SIZE,
                         "%02d/%02d/%02d-%02d:%02d:%02d.%06u ",
-                        lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100,
+                        lt->tm_mon + 1, lt->tm_mday, year,
                         s / 3600, (s % 3600) / 60, s % 60,
                         (u_int) tvp->tv_usec);
     }
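Review bot: The test `if (lt->tm_year < 70)` and its `// 00 .. 69` comment treat `tm_year` as a two-digit year, but `struct tm` stores years since 1900, so a 2012 packet has `tm_year` equal to 112, takes the else branch, and is printed as 112 by the `%02d` field. Values below 70 (years before 1970) still go through `lt->tm_year - 100` and stay negative. The 1970 to 1999 case from the report is fixed, but output for 2000 and later regresses from the old `lt->tm_year - 100`. Passing `lt->tm_year % 100` as the year argument would handle both ranges without the branch or the extra `year` variable and keeps the field at two digits.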




