[-]
[+]
|
Changed |
snort.changes
|
|
[-]
[+]
|
Changed |
snort.spec
^
|
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/ChangeLog
^
|
@@ -1,3 +1,50 @@
+2012-07-30 Hui Cao <hcao@sourcefire.com>
+Snort 2.9.3.1
+ * src/build.h:
+ Updated build number to 40
+
+ * src/sfutil/acsmx2.c:
+ Release memory during return.
+
+ * src/dynamic-preprocessors/sip/sip_config.c:
+ Free method struct when method->methodName is NULL.
+
+ * src/: detection-plugins/detection_options.c,
+ detection-plugins/sp_byte_check.c,
+ detection-plugins/sp_byte_extract.c,
+ detection-plugins/sp_byte_jump.c, dynamic-plugins/sp_dynamic.c,
+ dynamic-plugins/sp_preprocopt.c:
+ Fix constant expression in hashing routines for 64bit platforms.
+
+ * src/dynamic-preprocessors/dcerpc2/dce2_smb.c:
+ Fix Samba chained OpenAndX -> Write command handling.
+
+ * src/active.c:
+ Check for TCP RST flag regardless of other flags to block resetting
+ resets.
+
+ * src/: active.c, decode.c, detection-plugins/sp_pcre.c,
+ dynamic-plugins/sf_convert_dynamic.c,
+ dynamic-plugins/sf_dynamic_plugins.c,
+ dynamic-plugins/sf_dynamic_preprocessor.h,
+ dynamic-plugins/sp_dynamic.c,
+ dynamic-preprocessors/dnp3/dnp3_map.c,
+ dynamic-preprocessors/reputation/reputation_config.c,
+ dynamic-preprocessors/sdf/spp_sdf.c,
+ dynamic-preprocessors/sip/sip_config.c,
+ dynamic-preprocessors/sip/sip_roptions.c,
+ dynamic-preprocessors/smtp/spp_smtp.c,
+ output-plugins/spo_alert_unixsock.c,
+ preprocessors/spp_httpinspect.c, preprocessors/spp_perfmonitor.c,
+ preprocessors/HttpInspect/client/hi_client.c,
+ preprocessors/HttpInspect/server/hi_server.c,
+ sfutil/bnfa_search.c, sfutil/sf_iph.c,
+ target-based/sf_attribute_table_parser.l:
+ Parse time memory cleanup
+
+ * src/dynamic-preprocessors/dcerpc2/dce2_utils.h:
+ Fixed issue on big endian systems where behaviour was incorrect.
+
2012-07-10 Todd Wease <twease@sourcefire.com>
Snort 2.9.3
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/configure
^
|
@@ -3044,7 +3044,7 @@
# Define the identity of the package.
PACKAGE=snort
- VERSION=2.9.3
+ VERSION=2.9.3.1
cat >>confdefs.h <<_ACEOF
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/configure.in
^
|
@@ -6,7 +6,7 @@
AM_CONFIG_HEADER(config.h)
# When changing the snort version, please also update the VERSION
# definition in "src/win32/WIN32-Includes/config.h"
-AM_INIT_AUTOMAKE(snort,2.9.3)
+AM_INIT_AUTOMAKE(snort,2.9.3.1)
NO_OPTIMIZE="no"
ADD_WERROR="no"
|
|
Changed |
snort-2.9.3.1.tar.bz2/doc/snort_manual.pdf
^
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/etc/snort.conf
^
|
@@ -10,7 +10,7 @@
# Snort bugs: bugs@snort.org
#
# Compatible with Snort Versions:
-# VERSIONS : 2.9.3
+# VERSIONS : 2.9.3.1
#
# Snort build options:
# OPTIONS : --enable-ipv6 --enable-gre --enable-mpls --enable-targetbased --enable-ppm --enable-perfprofiling --enable-zlib --enable-active-response --enable-normalizer --enable-reload --enable-react --enable-flexresp3
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/rpm/snort.spec
^
|
@@ -36,14 +36,14 @@
Name: %{realname}
-Version: 2.9.3
+Version: 2.9.3.1
Epoch: 1
Release: %{release}
Summary: An open source Network Intrusion Detection System (NIDS)
Group: Applications/Internet
License: GPL
Url: http://www.snort.org/
-Source0: http://www.snort.org/snort-downloads/2.9.1/%{realname}-%{version}.tar.gz
+Source0: http://www.snort.org/snort-downloads/2.9.3/%{realname}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Packager: Official Snort.org %{for_distro}
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/active.c
^
|
@@ -284,7 +284,7 @@
** spoofed ourselves, thus inflicting a self-induced DOS
** attack.
*/
- return ( p->tcph->th_flags != TH_RST );
+ return ( !(p->tcph->th_flags & TH_RST) );
}
int Active_IsUNRCandidate(const Packet* p)
@@ -393,6 +393,9 @@
if ( !Active_IsEnabled() )
return 0;
+ if ( Active_PacketWouldBeDropped() )
+ return 0;
+
if ( !IPH_IS_VALID(p) )
return 0;
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/build.h
^
|
@@ -1 +1 @@
-#define BUILD "37"
+#define BUILD "40"
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/decode.c
^
|
@@ -3526,6 +3526,7 @@
case 0x000000FB: // mDNSv6
case 0x00010003: // All-dhcp-servers
case 0x00010004: // Deprecated
+ case 0x00010005: // SL-MANET-ROUTERS
break;
default:
DecoderEvent(p, DECODE_IPV6_DST_RESERVED_MULTICAST,
@@ -3586,7 +3587,7 @@
DECODE_IPV6_DST_RESERVED_MULTICAST_STR, 1, 1);
}
}
- else if ((p->ip6h->ip_dst.ip.u6_addr8[1] & 0xF0) == 3)
+ else if ((p->ip6h->ip_dst.ip.u6_addr8[1] & 0xF0) == 0x30)
{
// Source-Specific Multicast block
if ((ntohl(p->ip6h->ip_dst.ip.u6_addr32[3]) >= 0x40000001) &&
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/detection-plugins/detection_options.c
^
|
@@ -610,7 +610,7 @@
* warning on 64bit OSs */
uint64_t ptr; /* Addresses are 64bits */
ptr = (uint64_t)node->children[i]->option_data;
- a += (ptr << 32) & 0XFFFFFFFF;
+ a += (ptr >> 32);
b += (ptr & 0xFFFFFFFF);
}
#else
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/detection-plugins/sp_byte_check.c
^
|
@@ -184,7 +184,7 @@
uint64_t ptr; /* Addresses are 64bits */
ptr = (uint64_t) data->byte_order_func;
- a += (ptr << 32) & 0XFFFFFFFF;
+ a += (ptr >> 32);
b += (ptr & 0xFFFFFFFF);
}
#else
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/detection-plugins/sp_byte_jump.c
^
|
@@ -156,7 +156,7 @@
uint64_t ptr; /* Addresses are 64bits */
ptr = (uint64_t) data->byte_order_func;
- a += (ptr << 32) & 0XFFFFFFFF;
+ a += (ptr >> 32);
b += (ptr & 0xFFFFFFFF);
}
#else
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/detection-plugins/sp_pcre.c
^
|
@@ -513,7 +513,7 @@
return;
syntax:
- if(free_me) free(free_me);
+ free(free_me);
FatalError("%s Line %d => unable to parse pcre regex %s\n",
file_name, file_line, data);
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-plugins/sf_convert_dynamic.c
^
|
@@ -550,7 +550,10 @@
/* Convert struct for rule option */
if (!flowbitInfo)
+ {
+ free(flowbits);
return 1;
+ }
flowbits->type = flowbitInfo->operation;
processFlowBitsWithGroup(flowbitInfo->flowBitsName, flowbitInfo->groupName, flowbits);
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-plugins/sf_dynamic_plugins.c
^
|
@@ -1447,10 +1447,12 @@
Active_ForceDropResetAction((Packet *)p);
}
+#ifdef ACTIVE_RESPONSE
void DynamicActiveSetEnabled(int on_off)
{
Active_SetEnabled(on_off);
}
+#endif
void *DynamicGetRuleClassByName(char *name)
{
@@ -1552,12 +1554,14 @@
Encode_Update((Packet*)p);
}
+#ifdef ACTIVE_RESPONSE
void DynamicSendBlockResponseMsg(void *p, const uint8_t* buffer, uint32_t buffer_len)
{
Packet *packet = (Packet *)p;
EncodeFlags df = (packet->packet_flags & PKT_FROM_SERVER) ? ENC_FLAG_FWD:0;
Active_SendData(packet, df, buffer, buffer_len);
}
+#endif
void DynamicSetParserPolicy(tSfPolicyId id)
{
@@ -1790,9 +1794,13 @@
preprocData.inlineForceDropPacket = &DynamicForceDropPacket;
preprocData.inlineForceDropAndReset = &DynamicForceDropReset;
+#ifdef ACTIVE_RESPONSE
preprocData.activeSetEnabled = &DynamicActiveSetEnabled;
+#endif
preprocData.SnortIsStrEmpty = DynamicSnortIsStrEmpty;
+#ifdef ACTIVE_RESPONSE
preprocData.dynamicSendBlockResponse = &DynamicSendBlockResponseMsg;
+#endif
preprocData.dynamicSetFlowId = &setFlowId;
preprocData.addPeriodicCheck = &AddFuncToPeriodicCheckList;
preprocData.addPostConfigFunc = &AddFuncToPreprocPostConfigList;
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-plugins/sf_dynamic_preprocessor.h
^
|
@@ -166,7 +166,9 @@
OOBPostControlFunc);
typedef int (*RegisterIdleHandler)(IdleProcessingHandler);
+#ifdef ACTIVE_RESPONSE
typedef void (*DynamicSendBlockResponse)(void *packet, const uint8_t* buffer, uint32_t buffer_len);
+#endif
typedef int (*DynamicSetFlowId)(const void* p, uint32_t id);
typedef int (*DynamicIsStrEmpty)(const char * );
@@ -216,7 +218,9 @@
GenSnortEvent genSnortEvent;
ThresholdCheckFunc thresholdCheck;
InlineDropFunc inlineDropAndReset;
+#ifdef ACTIVE_RESPONSE
ActiveEnableFunc activeSetEnabled;
+#endif
DetectFunc detect;
DisableDetectFunc disableDetect;
@@ -319,7 +323,9 @@
InlineDropFunc inlineForceDropAndReset;
DynamicIsStrEmpty SnortIsStrEmpty;
AddMetaEvalFunc addMetaEval;
+#ifdef ACTIVE_RESPONSE
DynamicSendBlockResponse dynamicSendBlockResponse;
+#endif
DynamicSetFlowId dynamicSetFlowId;
AddPeriodicCheck addPeriodicCheck;
AddPostConfigFuncs addPostConfigFunc;
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-plugins/sp_dynamic.c
^
|
@@ -108,22 +108,22 @@
* warning on 64bit OSs */
uint64_t ptr; /* Addresses are 64bits */
ptr = (uint64_t)dynData->contextData;
- a = (ptr << 32) & 0XFFFFFFFF;
+ a = (ptr >> 32);
b = (ptr & 0xFFFFFFFF);
ptr = (uint64_t)dynData->checkFunction;
- c = (ptr << 32) & 0XFFFFFFFF;
+ c = (ptr >> 32);
mix (a,b,c);
a += (ptr & 0xFFFFFFFF);
ptr = (uint64_t)dynData->hasOptionFunction;
- b += (ptr << 32) & 0XFFFFFFFF;
+ b += (ptr >> 32);
c += (ptr & 0xFFFFFFFF);
ptr = (uint64_t)dynData->getDynamicContents;
- a += (ptr << 32) & 0XFFFFFFFF;
+ a += (ptr >> 32);
b += (ptr & 0xFFFFFFFF);
c += dynData->contentFlags;
@@ -569,7 +569,7 @@
result = optionInit(option_name, option_params, &preprocOpt->dataPtr);
- if (option_name != NULL) free(option_name);
+ free(option_name);
if (option_params != NULL) free(option_params);
if (!result)
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-plugins/sp_preprocopt.c
^
|
@@ -224,18 +224,18 @@
else
{
ptr = (uint64_t)option_data->data;
- a = (ptr << 32) & 0XFFFFFFFF;
+ a = (ptr >> 32);
b = (ptr & 0xFFFFFFFF);
}
ptr = (uint64_t)option_data->optionInit;
- c = (ptr << 32) & 0XFFFFFFFF;
+ c = (ptr >> 32);
mix(a,b,c);
a += (ptr & 0xFFFFFFFF); /* mix in the last half of optionInit */
ptr = (uint64_t)option_data->optionEval;
- b += (ptr << 32) & 0XFFFFFFFF;
+ b += (ptr >> 32);
c += (ptr & 0xFFFFFFFF);
mix(a,b,c);
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/dcerpc2/dce2_smb.c
^
|
@@ -7358,6 +7358,7 @@
{
memcpy(&ssd->ptracker, ptracker, sizeof(DCE2_SmbPipeTracker));
DCE2_Free((void *)ptracker, sizeof(DCE2_SmbPipeTracker), DCE2_MEM_TYPE__SMB_FID);
+ ptracker = &ssd->ptracker;
}
else
{
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/dcerpc2/dce2_utils.h
^
|
@@ -109,14 +109,8 @@
/********************************************************************
* Inline function prototypes
********************************************************************/
-static inline void DCE2_Move(const uint8_t **data_ptr, uint32_t *data_len, int32_t amount)
-{
- *data_ptr += amount;
- *data_len -= amount;
-}
-
#define DCE2_MOVE(data_ptr, data_len, amount) \
- DCE2_Move((const uint8_t **)&data_ptr, (uint32_t *)&data_len, (int32_t)(amount))
+ { data_len -= (amount); data_ptr = (uint8_t *)data_ptr + (amount); }
static inline int DCE2_BufferIsEmpty(DCE2_Buffer *);
static inline void DCE2_BufferEmpty(DCE2_Buffer *);
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/dnp3/dnp3_map.c
^
|
@@ -108,7 +108,7 @@
if (code > func_map[num_funcs-1].value)
return func_is_defined;
- for (i = 0; i < num_funcs; i++)
+ for (i = 0; i < num_funcs-1; i++)
{
/* This short-circuit check assumes that the function map remains
in-order. */
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/reputation/reputation_config.c
^
|
@@ -143,7 +143,7 @@
uint64_t sizeFromEntries;
/*memcap value is in Megabytes*/
- size = memcap << 20;
+ size = (uint64_t)memcap << 20;
if (size > UINT32_MAX)
size = UINT32_MAX;
@@ -560,6 +560,13 @@
config->iplist = sfrt_flat_new(DIR_8x4, IPv4, maxEntries, config->memcap);
#endif
+ if (config->iplist == NULL)
+ {
+ DynamicPreprocessorFatalMessage("%s(%d): Failed to create IP list.\n",
+ *(_dpd.config_file), *(_dpd.config_line));
+ return;
+ }
+
list_ptr = segment_calloc((size_t)DECISION_MAX, sizeof(ListInfo));
config->iplist->list_info = list_ptr;
@@ -590,13 +597,6 @@
memset(whiteInfo->zones, true, MAX_NUM_ZONES);
#endif
}
-
- if (config->iplist == NULL)
- {
- DynamicPreprocessorFatalMessage("%s(%d): Failed to create IP list.\n",
- *(_dpd.config_file), *(_dpd.config_line));
- return;
- }
}
}
/*New information for the same IP will be appended to the current
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/sdf/spp_sdf.c
^
|
@@ -820,11 +820,13 @@
static void SDFPrintPseudoPacket(SDFConfig *config, SDFSessionData *session,
SFSnortPacket *real_packet)
{
- SFSnortPacket* p = config->pseudo_packet;
+ SFSnortPacket* p;
if (config == NULL || session == NULL || real_packet == NULL)
return;
+ p = config->pseudo_packet;
+
_dpd.encodeFormat(ENC_DYN_FWD|ENC_DYN_NET, real_packet, config->pseudo_packet, PSEUDO_PKT_SDF);
if ( IS_IP4(real_packet) )
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/sip/sip_config.c
^
|
@@ -488,7 +488,11 @@
return NULL;
method->methodName = strdup(methodName);
if (NULL == method->methodName)
+ {
+ free(method);
return NULL;
+ }
+
method->methodLen = methodLen;
method->methodFlag = methodConf;
method->nextm = NULL;
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/sip/sip_roptions.c
^
|
@@ -65,388 +65,393 @@
static inline int SIP_RoptDoEval(SFSnortPacket *p)
{
- if ((p->payload_size == 0) ||
- (p->stream_session_ptr == NULL) ||
- (!IsTCP(p) && !IsUDP(p)))
- {
-
- DEBUG_WRAP(DebugMessage(DEBUG_SIP, "No payload or no "
- "session pointer or not TCP or UDP - not evaluating.\n"));
- return 0;
- }
+ if ((p->payload_size == 0) ||
+ (p->stream_session_ptr == NULL) ||
+ (!IsTCP(p) && !IsUDP(p)))
+ {
+
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP, "No payload or no "
+ "session pointer or not TCP or UDP - not evaluating.\n"));
+ return 0;
+ }
- return 1;
+ return 1;
}
static inline int IsRequest(SIP_Roptions *ropts)
{
- if (ropts->status_code)
- return FALSE;
- else
- return TRUE;
+ if (ropts->status_code)
+ return FALSE;
+ else
+ return TRUE;
}
/* Parsing for the rule option */
static int SIP_MethodInit(char *name, char *params, void **data)
{
- int flags = 0, mask = 0;
- char *end = NULL;
- char *tok;
- int negated = 0;
- int numTokens = 0;
- SipMethodRuleOptData *sdata;
- SIPMethodNode *method;
-
- if (strcasecmp(name, SIP_ROPT__METHOD) != 0)
- return 0;
-
-
- /*Evaluate whether all the methods are in the PP configurations */
- sip_eval_config = sfPolicyUserDataGetCurrent(sip_config);
-
- if (NULL == sip_eval_config)
- DynamicPreprocessorFatalMessage("%s(%d) => Configuration error!\n",
- *(_dpd.config_file), *(_dpd.config_line));
-
- /* Must have arguments */
- if (SIP_IsEmptyStr(params))
- {
- DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_method keyword\n",
- *(_dpd.config_file), *(_dpd.config_line));
- }
-
- tok = strtok_r(params, ",", &end);
-
- if(!tok)
- DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_method keyword\n",
- *(_dpd.config_file), *(_dpd.config_line));
-
- while (NULL != tok)
- {
-
- numTokens++;
-
- if (tok[0] == '!')
- {
- negated = 1;
- tok++;
- }
-
- /*Only one method is allowed with !*/
- if (negated && (numTokens > 1))
- {
- DynamicPreprocessorFatalMessage("%s(%d) => %s, only one method is allowed with ! for %s.\n",
- *(_dpd.config_file), *(_dpd.config_line), tok, name);
- }
- method = SIP_FindMethod (sip_eval_config->methods, tok, strlen (tok));
-
- /*if method is not found, add it as a user defined method*/
- if (NULL == method)
- {
- method = SIP_AddUserDefinedMethod(tok, &sip_eval_config->methodsConfig, &sip_eval_config->methods );
- if (NULL == method)
- DynamicPreprocessorFatalMessage("%s(%d) => %s can't add new method to %s.\n",
- *(_dpd.config_file), *(_dpd.config_line), tok, name);
- _dpd.logMsg("%s(%d) => Add user defined method: %s to SIP preprocessor through rule.\n",
- *(_dpd.config_file), *(_dpd.config_line), method->methodName);
- }
-
- flags |= 1 << (method->methodFlag - 1);
- if (negated)
- mask |= 1 << (method->methodFlag - 1);
-
- tok = strtok_r(NULL, ", ", &end);
-
- }
-
- sdata = (SipMethodRuleOptData *)calloc(1, sizeof(*sdata));
- if (sdata == NULL)
- {
- DynamicPreprocessorFatalMessage("Could not allocate memory for the "
- "sip preprocessor rule option.\n");
- }
-
- sdata->flags = flags;
- sdata->mask = mask;
- *data = (void *)sdata;
- return 1;
+ int flags = 0, mask = 0;
+ char *end = NULL;
+ char *tok;
+ int negated = 0;
+ int numTokens = 0;
+ SipMethodRuleOptData *sdata;
+ SIPMethodNode *method;
+
+ if (strcasecmp(name, SIP_ROPT__METHOD) != 0)
+ return 0;
+
+
+ /*Evaluate whether all the methods are in the PP configurations */
+ sip_eval_config = sfPolicyUserDataGetCurrent(sip_config);
+
+ if (NULL == sip_eval_config)
+ DynamicPreprocessorFatalMessage("%s(%d) => Configuration error!\n",
+ *(_dpd.config_file), *(_dpd.config_line));
+
+ /* Must have arguments */
+ if (SIP_IsEmptyStr(params))
+ {
+ DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_method keyword\n",
+ *(_dpd.config_file), *(_dpd.config_line));
+ }
+
+ tok = strtok_r(params, ",", &end);
+
+ if(!tok)
+ DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_method keyword\n",
+ *(_dpd.config_file), *(_dpd.config_line));
+
+ while (NULL != tok)
+ {
+
+ numTokens++;
+
+ if (tok[0] == '!')
+ {
+ negated = 1;
+ tok++;
+ }
+
+ /*Only one method is allowed with !*/
+ if (negated && (numTokens > 1))
+ {
+ DynamicPreprocessorFatalMessage("%s(%d) => %s, only one method is allowed with ! for %s.\n",
+ *(_dpd.config_file), *(_dpd.config_line), tok, name);
+ }
+ method = SIP_FindMethod (sip_eval_config->methods, tok, strlen (tok));
+
+ /*if method is not found, add it as a user defined method*/
+ if (NULL == method)
+ {
+ method = SIP_AddUserDefinedMethod(tok, &sip_eval_config->methodsConfig, &sip_eval_config->methods );
+ if (NULL == method)
+ DynamicPreprocessorFatalMessage("%s(%d) => %s can't add new method to %s.\n",
+ *(_dpd.config_file), *(_dpd.config_line), tok, name);
+ _dpd.logMsg("%s(%d) => Add user defined method: %s to SIP preprocessor through rule.\n",
+ *(_dpd.config_file), *(_dpd.config_line), method->methodName);
+ }
+
+ flags |= 1 << (method->methodFlag - 1);
+ if (negated)
+ mask |= 1 << (method->methodFlag - 1);
+
+ tok = strtok_r(NULL, ", ", &end);
+
+ }
+
+ sdata = (SipMethodRuleOptData *)calloc(1, sizeof(*sdata));
+ if (sdata == NULL)
+ {
+ DynamicPreprocessorFatalMessage("Could not allocate memory for the "
+ "sip preprocessor rule option.\n");
+ }
+
+ sdata->flags = flags;
+ sdata->mask = mask;
+ *data = (void *)sdata;
+ return 1;
}
/* Rule option evaluation */
static int SIP_MethodEval(void *pkt, const uint8_t **cursor, void *data)
{
- SFSnortPacket *p = (SFSnortPacket *)pkt;
- SIPData *sd;
- SIP_Roptions *ropts;
- SipMethodRuleOptData *sdata = (SipMethodRuleOptData *)data;
+ SFSnortPacket *p = (SFSnortPacket *)pkt;
+ SIPData *sd;
+ SIP_Roptions *ropts;
+ SipMethodRuleOptData *sdata = (SipMethodRuleOptData *)data;
uint32_t methodFlag;
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Evaluating \"%s\" rule option.\n", SIP_ROPT__METHOD));
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Evaluating \"%s\" rule option.\n", SIP_ROPT__METHOD));
- if (!SIP_RoptDoEval(p))
- return RULE_NOMATCH;
+ if (!SIP_RoptDoEval(p))
+ return RULE_NOMATCH;
- sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
- if (sd == NULL)
- {
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "No session data - not evaluating.\n"));
- return RULE_NOMATCH;
- }
+ sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
+ if (sd == NULL)
+ {
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "No session data - not evaluating.\n"));
+ return RULE_NOMATCH;
+ }
- ropts = &sd->ropts;
+ ropts = &sd->ropts;
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Rule Flags: %x Data Flags: %x, Mask: %x \n", sdata->flags, ropts->methodFlag, sdata->mask ));
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Rule Flags: %x Data Flags: %x, Mask: %x \n", sdata->flags, ropts->methodFlag, sdata->mask ));
// Not response
- methodFlag = 1 << (ropts->methodFlag - 1);
- if (IsRequest(ropts) && ((sdata->flags & methodFlag) ^ sdata->mask))
- {
- return RULE_MATCH;
- }
- return RULE_NOMATCH;
+ methodFlag = 1 << (ropts->methodFlag - 1);
+ if (IsRequest(ropts) && ((sdata->flags & methodFlag) ^ sdata->mask))
+ {
+ return RULE_MATCH;
+ }
+ return RULE_NOMATCH;
}
+
static int SIP_MethodAddFastPatterns(void *data, int protocol,
- int direction, FPContentInfo **info)
+ int direction, FPContentInfo **info)
{
- char *sip = "SIP";
- FPContentInfo *method_fp;
- SipMethodRuleOptData *sdata = (SipMethodRuleOptData *)data;
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Evaluating \"%s\" fast pattern rule option.\n", SIP_ROPT__METHOD));
- if ((sdata == NULL) || (info == NULL))
- return -1;
+ char *sip = "SIP";
+ FPContentInfo *method_fp;
+ SipMethodRuleOptData *sdata = (SipMethodRuleOptData *)data;
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Evaluating \"%s\" fast pattern rule option.\n", SIP_ROPT__METHOD));
+ if ((sdata == NULL) || (info == NULL))
+ return -1;
- if ((protocol != IPPROTO_TCP) && (protocol != IPPROTO_UDP))
- return -1;
+ if ((protocol != IPPROTO_TCP) && (protocol != IPPROTO_UDP))
+ return -1;
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "adding info to \"%s\" fast pattern rule option.\n", SIP_ROPT__METHOD));
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "adding info to \"%s\" fast pattern rule option.\n", SIP_ROPT__METHOD));
- method_fp = (FPContentInfo *)calloc(1,sizeof(FPContentInfo));
+ method_fp = (FPContentInfo *)calloc(1,sizeof(FPContentInfo));
if (NULL == method_fp)
- return -1;
+ return -1;
+
+ method_fp->content = (char *)malloc(strlen(sip));
+ if (NULL == method_fp->content)
+ {
+ free(method_fp);
+ return -1;
+ }
- method_fp->content = (char *)malloc(strlen(sip));
- if (NULL == method_fp->content)
- return -1;
- memcpy(method_fp->content, sip, strlen(sip));
- method_fp->length = strlen(sip);
+ memcpy(method_fp->content, sip, strlen(sip));
+ method_fp->length = strlen(sip);
*info = method_fp;
- return 0;
+ return 0;
}
/* Parsing for the rule option */
static int SIP_HeaderInit(char *name, char *params, void **data)
{
- if (strcasecmp(name, SIP_ROPT__HEADER) != 0)
- return 0;
+ if (strcasecmp(name, SIP_ROPT__HEADER) != 0)
+ return 0;
- /* Must not have arguments */
- if (!SIP_IsEmptyStr(params))
- {
- DynamicPreprocessorFatalMessage("%s, %s(%d) => rule option: This option has no arguments.\n",
- SIP_ROPT__HEADER, *(_dpd.config_file), *(_dpd.config_line));
+ /* Must not have arguments */
+ if (!SIP_IsEmptyStr(params))
+ {
+ DynamicPreprocessorFatalMessage("%s, %s(%d) => rule option: This option has no arguments.\n",
+ SIP_ROPT__HEADER, *(_dpd.config_file), *(_dpd.config_line));
- }
+ }
- return 1;
+ return 1;
}
/* Rule option evaluation */
static int SIP_HeaderEval(void *pkt, const uint8_t **cursor, void *data)
{
- SFSnortPacket *p = (SFSnortPacket *)pkt;
- SIPData *sd;
- SIP_Roptions *ropts;
-
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Evaluating \"%s\" rule option.\n", SIP_ROPT__HEADER));
-
- if (!SIP_RoptDoEval(p))
- return RULE_NOMATCH;
-
- sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
- if (sd == NULL)
- {
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "No session data - not evaluating.\n"));
- return RULE_NOMATCH;
- }
-
- ropts = &sd->ropts;
-
- if (ropts->header_data != NULL)
- {
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Setting cursor to header data: %p.\n", ropts->header_data));
- *cursor = ropts->header_data;
- //Limit the length
- _dpd.SetAltDetect((uint8_t *)ropts->header_data, ropts->header_len);
-
- return RULE_MATCH;
- }
- return RULE_NOMATCH;
+ SFSnortPacket *p = (SFSnortPacket *)pkt;
+ SIPData *sd;
+ SIP_Roptions *ropts;
+
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Evaluating \"%s\" rule option.\n", SIP_ROPT__HEADER));
+
+ if (!SIP_RoptDoEval(p))
+ return RULE_NOMATCH;
+
+ sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
+ if (sd == NULL)
+ {
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "No session data - not evaluating.\n"));
+ return RULE_NOMATCH;
+ }
+
+ ropts = &sd->ropts;
+
+ if (ropts->header_data != NULL)
+ {
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Setting cursor to header data: %p.\n", ropts->header_data));
+ *cursor = ropts->header_data;
+ //Limit the length
+ _dpd.SetAltDetect((uint8_t *)ropts->header_data, ropts->header_len);
+
+ return RULE_MATCH;
+ }
+ return RULE_NOMATCH;
}
/* Parsing for the rule option */
static int SIP_StatCodeInit(char *name, char *params, void **data)
{
- char *end = NULL;
- char *tok;
- int i_tok = 0;
- SipStatCodeRuleOptData *sdata;
-
- if (strcasecmp(name, SIP_ROPT__STATUS_CODE) != 0)
- return 0;
-
- /* Must have arguments */
- if (SIP_IsEmptyStr(params))
- {
- DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_stat_code keyword\n",
- *(_dpd.config_file), *(_dpd.config_line));
- }
- tok = strtok_r(params, ",", &end);
-
- if(!tok)
- DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_stat_code keyword\n",
- *(_dpd.config_file), *(_dpd.config_line));
-
- sdata = (SipStatCodeRuleOptData *)calloc(1, sizeof(*sdata));
-
- if (sdata == NULL)
- {
- DynamicPreprocessorFatalMessage("Could not allocate memory for the "
- "sip preprocessor rule option.\n");
- }
-
- while ((NULL != tok) && (i_tok < SIP_NUM_STAT_CODE_MAX))
- {
-
- unsigned long statCode = _dpd.SnortStrtoul(tok, NULL, 10);
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Rule Status code: %d.\n",sdata->stat_codes[i_tok]));
- if ((statCode > MAX_STAT_CODE) ||
- ((statCode > NUM_OF_RESPONSE_TYPES - 1) && (statCode < MIN_STAT_CODE)))
- {
- DynamicPreprocessorFatalMessage("%s(%d) => Status code %u specified is not a 3 digit number or 1 - %d\n ",
- *(_dpd.config_file), *(_dpd.config_line), statCode, NUM_OF_RESPONSE_TYPES-1);
- }
- sdata->stat_codes[i_tok] = (uint16_t)statCode;
-
- tok = strtok_r(NULL, ", ", &end);
- i_tok++;
- }
-
- if (NULL != tok)
- DynamicPreprocessorFatalMessage("%s(%d) => More than %d argument to sip_stat_code keyword\n",
- *(_dpd.config_file), *(_dpd.config_line), SIP_NUM_STAT_CODE_MAX);
+ char *end = NULL;
+ char *tok;
+ int i_tok = 0;
+ SipStatCodeRuleOptData *sdata;
+
+ if (strcasecmp(name, SIP_ROPT__STATUS_CODE) != 0)
+ return 0;
+
+ /* Must have arguments */
+ if (SIP_IsEmptyStr(params))
+ {
+ DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_stat_code keyword\n",
+ *(_dpd.config_file), *(_dpd.config_line));
+ }
+ tok = strtok_r(params, ",", &end);
+
+ if(!tok)
+ DynamicPreprocessorFatalMessage("%s(%d) => missing argument to sip_stat_code keyword\n",
+ *(_dpd.config_file), *(_dpd.config_line));
+
+ sdata = (SipStatCodeRuleOptData *)calloc(1, sizeof(*sdata));
+
+ if (sdata == NULL)
+ {
+ DynamicPreprocessorFatalMessage("Could not allocate memory for the "
+ "sip preprocessor rule option.\n");
+ }
+
+ while ((NULL != tok) && (i_tok < SIP_NUM_STAT_CODE_MAX))
+ {
+
+ unsigned long statCode = _dpd.SnortStrtoul(tok, NULL, 10);
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Rule Status code: %d.\n",sdata->stat_codes[i_tok]));
+ if ((statCode > MAX_STAT_CODE) ||
+ ((statCode > NUM_OF_RESPONSE_TYPES - 1) && (statCode < MIN_STAT_CODE)))
+ {
+ DynamicPreprocessorFatalMessage("%s(%d) => Status code %u specified is not a 3 digit number or 1 - %d\n ",
+ *(_dpd.config_file), *(_dpd.config_line), statCode, NUM_OF_RESPONSE_TYPES-1);
+ }
+ sdata->stat_codes[i_tok] = (uint16_t)statCode;
+
+ tok = strtok_r(NULL, ", ", &end);
+ i_tok++;
+ }
+
+ if (NULL != tok)
+ DynamicPreprocessorFatalMessage("%s(%d) => More than %d argument to sip_stat_code keyword\n",
+ *(_dpd.config_file), *(_dpd.config_line), SIP_NUM_STAT_CODE_MAX);
- *data = (void *)sdata;
- return 1;
+ *data = (void *)sdata;
+ return 1;
}
/* Rule option evaluation */
static int SIP_StatCodeEval(void *pkt, const uint8_t **cursor, void *data)
{
- SFSnortPacket *p = (SFSnortPacket *)pkt;
- SIPData *sd;
- SIP_Roptions *ropts;
- SipStatCodeRuleOptData *sdata = (SipStatCodeRuleOptData *)data;
- uint16_t short_code;
+ SFSnortPacket *p = (SFSnortPacket *)pkt;
+ SIPData *sd;
+ SIP_Roptions *ropts;
+ SipStatCodeRuleOptData *sdata = (SipStatCodeRuleOptData *)data;
+ uint16_t short_code;
int i_code;
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Evaluating \"%s\" rule option.\n", SIP_ROPT__STATUS_CODE));
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Evaluating \"%s\" rule option.\n", SIP_ROPT__STATUS_CODE));
- if (!SIP_RoptDoEval(p))
- return RULE_NOMATCH;
+ if (!SIP_RoptDoEval(p))
+ return RULE_NOMATCH;
- sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
- if (sd == NULL)
- {
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "No session data - not evaluating.\n"));
- return RULE_NOMATCH;
- }
+ sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
+ if (sd == NULL)
+ {
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "No session data - not evaluating.\n"));
+ return RULE_NOMATCH;
+ }
- ropts = &sd->ropts;
+ ropts = &sd->ropts;
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Status code in packet: %d \n", ropts->status_code));
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Status code in packet: %d \n", ropts->status_code));
if (0 == ropts->status_code)
- return RULE_NOMATCH;
+ return RULE_NOMATCH;
/*Match the status code*/
- short_code = ropts->status_code / 100;
- for(i_code = 0; i_code < SIP_NUM_STAT_CODE_MAX; i_code++)
- {
- if ((sdata->stat_codes[i_code] == short_code)||
- (sdata->stat_codes[i_code] == ropts->status_code))
- return RULE_MATCH;
- }
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Rule No Match\n"));
- return RULE_NOMATCH;
+ short_code = ropts->status_code / 100;
+ for(i_code = 0; i_code < SIP_NUM_STAT_CODE_MAX; i_code++)
+ {
+ if ((sdata->stat_codes[i_code] == short_code)||
+ (sdata->stat_codes[i_code] == ropts->status_code))
+ return RULE_MATCH;
+ }
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Rule No Match\n"));
+ return RULE_NOMATCH;
}
/* Parsing for the rule option */
static int SIP_BodyInit(char *name, char *params, void **data)
{
- if (strcasecmp(name, SIP_ROPT__BODY) != 0)
- return 0;
+ if (strcasecmp(name, SIP_ROPT__BODY) != 0)
+ return 0;
- /* Must not have arguments */
- if (!SIP_IsEmptyStr(params))
- {
- DynamicPreprocessorFatalMessage("%s, %s(%d) => rule option: This option has no arguments.\n",
- SIP_ROPT__BODY, *(_dpd.config_file), *(_dpd.config_line));
+ /* Must not have arguments */
+ if (!SIP_IsEmptyStr(params))
+ {
+ DynamicPreprocessorFatalMessage("%s, %s(%d) => rule option: This option has no arguments.\n",
+ SIP_ROPT__BODY, *(_dpd.config_file), *(_dpd.config_line));
- }
+ }
- return 1;
+ return 1;
}
/* Rule option evaluation */
static int SIP_BodyEval(void *pkt, const uint8_t **cursor, void *data)
{
- SFSnortPacket *p = (SFSnortPacket *)pkt;
- SIPData *sd;
- SIP_Roptions *ropts;
-
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Evaluating \"%s\" rule option.\n", SIP_ROPT__BODY));
-
- if (!SIP_RoptDoEval(p))
- return RULE_NOMATCH;
-
- sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
- if (sd == NULL)
- {
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "No session data - not evaluating.\n"));
- return RULE_NOMATCH;
- }
-
- ropts = &sd->ropts;
-
- if (ropts->body_data != NULL)
- {
- DEBUG_WRAP(DebugMessage(DEBUG_SIP,
- "Setting cursor to body data: %p.\n", ropts->body_data));
- *cursor = ropts->body_data;
- //Limit the length
- _dpd.SetAltDetect((uint8_t *)ropts->body_data, ropts->body_len);
+ SFSnortPacket *p = (SFSnortPacket *)pkt;
+ SIPData *sd;
+ SIP_Roptions *ropts;
+
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Evaluating \"%s\" rule option.\n", SIP_ROPT__BODY));
+
+ if (!SIP_RoptDoEval(p))
+ return RULE_NOMATCH;
+
+ sd = (SIPData *)_dpd.streamAPI->get_application_data(p->stream_session_ptr, PP_SIP);
+ if (sd == NULL)
+ {
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "No session data - not evaluating.\n"));
+ return RULE_NOMATCH;
+ }
+
+ ropts = &sd->ropts;
+
+ if (ropts->body_data != NULL)
+ {
+ DEBUG_WRAP(DebugMessage(DEBUG_SIP,
+ "Setting cursor to body data: %p.\n", ropts->body_data));
+ *cursor = ropts->body_data;
+ //Limit the length
+ _dpd.SetAltDetect((uint8_t *)ropts->body_data, ropts->body_len);
- return RULE_MATCH;
- }
+ return RULE_MATCH;
+ }
- return RULE_NOMATCH;
+ return RULE_NOMATCH;
}
/********************************************************************
* Function: SIP_RegRuleOptions
@@ -460,13 +465,13 @@
********************************************************************/
void SIP_RegRuleOptions(void)
{
- _dpd.preprocOptRegister(SIP_ROPT__METHOD, SIP_MethodInit, SIP_MethodEval,
- free, NULL, NULL, NULL, SIP_MethodAddFastPatterns);
- _dpd.preprocOptRegister(SIP_ROPT__HEADER, SIP_HeaderInit, SIP_HeaderEval,
- NULL, NULL, NULL, NULL, NULL);
- _dpd.preprocOptRegister(SIP_ROPT__STATUS_CODE, SIP_StatCodeInit, SIP_StatCodeEval,
- free, NULL, NULL, NULL, NULL);
- _dpd.preprocOptRegister(SIP_ROPT__BODY, SIP_BodyInit, SIP_BodyEval,
- NULL, NULL, NULL, NULL, NULL);
+ _dpd.preprocOptRegister(SIP_ROPT__METHOD, SIP_MethodInit, SIP_MethodEval,
+ free, NULL, NULL, NULL, SIP_MethodAddFastPatterns);
+ _dpd.preprocOptRegister(SIP_ROPT__HEADER, SIP_HeaderInit, SIP_HeaderEval,
+ NULL, NULL, NULL, NULL, NULL);
+ _dpd.preprocOptRegister(SIP_ROPT__STATUS_CODE, SIP_StatCodeInit, SIP_StatCodeEval,
+ free, NULL, NULL, NULL, NULL);
+ _dpd.preprocOptRegister(SIP_ROPT__BODY, SIP_BodyInit, SIP_BodyEval,
+ NULL, NULL, NULL, NULL, NULL);
}
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/dynamic-preprocessors/smtp/spp_smtp.c
^
|
@@ -651,7 +651,7 @@
if (configNext->email_hdrs_log_depth & 7)
configNext->email_hdrs_log_depth += (8 - (configNext->email_hdrs_log_depth & 7));
- if(config->email_hdrs_log_depth != config->email_hdrs_log_depth)
+ if(configNext->email_hdrs_log_depth != config->email_hdrs_log_depth)
{
_dpd.errMsg("SMTP reload: Changing the email_hdrs_log_depth requires a restart.\n");
SMTP_FreeConfigs(smtp_swap_config);
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/output-plugins/spo_alert_unixsock.c
^
|
@@ -184,7 +184,8 @@
if(p && p->pkt)
{
uint32_t snaplen = DAQ_GetSnapLen();
- bcopy((const void *)p->pkth,(void *)&alertpkt.pkth,sizeof(DAQ_PktHdr_t));
+ bcopy((const void *)p->pkth,(void *)&alertpkt.pkth,
+ sizeof(alertpkt.pkth));
bcopy((const void *)p->pkt,alertpkt.pkt,
alertpkt.pkth.caplen > snaplen? snaplen : alertpkt.pkth.caplen);
}
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/preprocessors/HttpInspect/client/hi_client.c
^
|
@@ -2154,8 +2154,8 @@
}
}
}
- if ( header_field_ptr && (header_field_ptr->content_len->cont_len_start) &&
- (header_field_ptr->content_len->cont_len_end) )
+ if ( header_field_ptr->content_len->cont_len_start &&
+ header_field_ptr->content_len->cont_len_end )
{
char *pcEnd;
uint64_t len;
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/preprocessors/HttpInspect/server/hi_server.c
^
|
@@ -1675,8 +1675,7 @@
SetHttpDecode((uint16_t)alt_dsize);
Server->response.body = HttpDecodeBuf.data;
Server->response.body_size = HttpDecodeBuf.len;
- if(sd)
- sd->log_flags |= HTTP_LOG_GZIP_DATA;
+ sd->log_flags |= HTTP_LOG_GZIP_DATA;
}
else
#endif
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/preprocessors/spp_httpinspect.c
^
|
@@ -1444,7 +1444,7 @@
return -1;
}
}
- else if (defaultSwapConfig != NULL)
+ else
{
if (sfPolicyUserDataIterate(hi_swap_config, HttpInspectExtractUriHost) != 0)
{
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/preprocessors/spp_perfmonitor.c
^
|
@@ -647,7 +647,7 @@
if ((0 == pt.st_uid) || (0 == pt.st_gid))
{
chmod(perfmon_config->flowip_file, mode);
- chown(perfmon_config->file, ScUid(), ScGid());
+ chown(perfmon_config->flowip_file, ScUid(), ScGid());
}
}
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/sfutil/acsmx2.c
^
|
@@ -1316,7 +1316,10 @@
for( j=band_begin[i]; j<=band_end[i]; j++ )
{
if (j >= MAX_ALPHABET_SIZE)
+ {
+ AC_FREE_DFA(p, sizeof(acstate_t)*(cnt), sizeof(acstate_t));
return -1;
+ }
p[m++] = full[j]; /* some states may be state zero */
}
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/sfutil/bnfa_search.c
^
|
@@ -1194,7 +1194,7 @@
void bnfaPrint(bnfa_struct_t * bnfa)
{
int k;
- bnfa_match_node_t ** MatchList = bnfa->bnfaMatchList;
+ bnfa_match_node_t ** MatchList;
bnfa_match_node_t * mlist;
int ps_index=0;
bnfa_state_t * ps=0;
@@ -1202,6 +1202,8 @@
if( !bnfa )
return;
+ MatchList = bnfa->bnfaMatchList;
+
if( !bnfa->bnfaNumStates )
return;
@@ -1442,7 +1444,11 @@
if(!plist) return -1;
plist->casepatrn = (unsigned char *)BNFA_MALLOC(n,p->pat_memory );
- if(!plist->casepatrn) return -1;
+ if(!plist->casepatrn)
+ {
+ BNFA_FREE(plist,sizeof(bnfa_pattern_t),p->pat_memory);
+ return -1;
+ }
memcpy (plist->casepatrn, pat, n);
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/sfutil/sf_iph.c
^
|
@@ -350,8 +350,8 @@
* with the exception of the IP addresses. Copy over everything but
* the IPs */
memcpy(&p->inner_ip4h, hdr4, sizeof(IPHdr) - 8);
- sfip_set_raw(&p->inner_ip4h.ip_src, &hdr4->ip_src, p->family);
- sfip_set_raw(&p->inner_ip4h.ip_dst, &hdr4->ip_dst, p->family);
+ sfip_set_raw(&p->inner_ip4h.ip_src, &hdr4->ip_src, family);
+ sfip_set_raw(&p->inner_ip4h.ip_dst, &hdr4->ip_dst, family);
p->actual_ip_len = ntohs(p->inner_ip4h.ip_len);
p->ip4h = &p->inner_ip4h;
}
@@ -363,8 +363,8 @@
* with the exception of the IP addresses. Copy over everything but
* the IPs*/
memcpy(&p->inner_ip6h, hdr6, sizeof(IP6RawHdr) - 32);
- sfip_set_raw(&p->inner_ip6h.ip_src, &hdr6->ip6_src, p->family);
- sfip_set_raw(&p->inner_ip6h.ip_dst, &hdr6->ip6_dst, p->family);
+ sfip_set_raw(&p->inner_ip6h.ip_src, &hdr6->ip6_src, family);
+ sfip_set_raw(&p->inner_ip6h.ip_dst, &hdr6->ip6_dst, family);
p->actual_ip_len = ntohs(p->inner_ip6h.len) + IP6_HDR_LEN;
p->ip6h = &p->inner_ip6h;
}
@@ -401,8 +401,8 @@
* with the exception of the IP addresses. Copy over everything but
* the IPs */
memcpy(&p->inner_orig_ip4h, hdr4, sizeof(IPHdr) - 8);
- sfip_set_raw(&p->inner_orig_ip4h.ip_src, &hdr4->ip_src, p->family);
- sfip_set_raw(&p->inner_orig_ip4h.ip_dst, &hdr4->ip_dst, p->family);
+ sfip_set_raw(&p->inner_orig_ip4h.ip_src, &hdr4->ip_src, family);
+ sfip_set_raw(&p->inner_orig_ip4h.ip_dst, &hdr4->ip_dst, family);
p->actual_ip_len = ntohs(p->inner_orig_ip4h.ip_len);
p->orig_ip4h = &p->inner_orig_ip4h;
}
@@ -414,8 +414,8 @@
* with the exception of the IP addresses. Copy over everything but
* the IPs*/
memcpy(&p->inner_orig_ip6h, hdr6, sizeof(IP6RawHdr) - 32);
- sfip_set_raw(&p->inner_orig_ip6h.ip_src, &hdr6->ip6_src, p->family);
- sfip_set_raw(&p->inner_orig_ip6h.ip_dst, &hdr6->ip6_dst, p->family);
+ sfip_set_raw(&p->inner_orig_ip6h.ip_src, &hdr6->ip6_src, family);
+ sfip_set_raw(&p->inner_orig_ip6h.ip_dst, &hdr6->ip6_dst, family);
p->actual_ip_len = ntohs(p->inner_orig_ip6h.len) + IP6_HDR_LEN;
p->orig_ip6h = &p->inner_orig_ip6h;
}
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/target-based/sf_attribute_table_parser.c
^
|
@@ -6801,10 +6801,11 @@
/* Store the value of the string, but not
* more than STD_BUF. */
int i;
- for (i=0; i < sfatleng && i < STD_BUF; i++)
+ for (i=0; i < sfatleng && i < STD_BUF-1; i++)
{
sfat_lval.stringValue[i] = sfattext[i];
}
+
sfat_lval.stringValue[i] = '\0';
#ifdef DEBUG_MSGS
DebugMessage(DEBUG_ATTRIBUTE,
@@ -6816,32 +6817,32 @@
case 54:
/* rule 54 can match eol */
YY_RULE_SETUP
-#line 177 "sf_attribute_table_parser.l"
+#line 178 "sf_attribute_table_parser.l"
{ sfat_linenumber++; }
YY_BREAK
case 55:
YY_RULE_SETUP
-#line 178 "sf_attribute_table_parser.l"
+#line 179 "sf_attribute_table_parser.l"
{ ; /* Do nothing -- ignore it */}
YY_BREAK
case 56:
YY_RULE_SETUP
-#line 180 "sf_attribute_table_parser.l"
+#line 181 "sf_attribute_table_parser.l"
{ return 0; }
YY_BREAK
/* Error, no meaningful input provided */
case YY_STATE_EOF(INITIAL):
case YY_STATE_EOF(waiting_for_comma_prior_to_data):
case YY_STATE_EOF(waiting_for_data):
-#line 183 "sf_attribute_table_parser.l"
+#line 184 "sf_attribute_table_parser.l"
{ yyterminate(); }
YY_BREAK
case 57:
YY_RULE_SETUP
-#line 185 "sf_attribute_table_parser.l"
+#line 186 "sf_attribute_table_parser.l"
ECHO;
YY_BREAK
-#line 6845 "sf_attribute_table_parser.c"
+#line 6846 "sf_attribute_table_parser.c"
case YY_END_OF_BUFFER:
{
@@ -7797,7 +7798,7 @@
#define YYTABLES_NAME "yytables"
-#line 185 "sf_attribute_table_parser.l"
+#line 186 "sf_attribute_table_parser.l"
char *sfat_grammar_error=NULL;
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/target-based/sf_attribute_table_parser.l
^
|
@@ -163,10 +163,11 @@
/* Store the value of the string, but not
* more than STD_BUF. */
int i;
- for (i=0; i < yyleng && i < STD_BUF; i++)
+ for (i=0; i < yyleng && i < STD_BUF-1; i++)
{
sfat_lval.stringValue[i] = yytext[i];
}
+
sfat_lval.stringValue[i] = '\0';
#ifdef DEBUG_MSGS
DebugMessage(DEBUG_ATTRIBUTE,
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/win32/WIN32-Includes/config.h
^
|
@@ -125,7 +125,7 @@
* should both match the ones specified in the
* AM_INIT_AUTOMAKE() macro of configure.in
*/
-#define VERSION "2.9.3"VERSION_ENABLE_ODBC""VERSION_ENABLE_MYSQL""VERSION_ENABLE_MSSQL""VERSION_ENABLE_ORACLE""VERSION_ENABLE_RESPONSE"-WIN32"VERSION_DEBUG
+#define VERSION "2.9.3.1"VERSION_ENABLE_ODBC""VERSION_ENABLE_MYSQL""VERSION_ENABLE_MSSQL""VERSION_ENABLE_ORACLE""VERSION_ENABLE_RESPONSE"-WIN32"VERSION_DEBUG
#define PACKAGE "snort"
#define IFNAMSIZ 255
@@ -225,7 +225,7 @@
#define strncasecmp strnicmp
#define strcasecmp stricmp
#if _MSC_VER < 1500 /* VC9 defines this */
-#define vsnprintf _vsnprintf
+#define vsnprintf _vsnprintf
#define strdup _strdup
#endif
#define IXDR_GET_LONG(buf) ((long)ntohl((u_long)*(buf)++))
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/win32/WIN32-Prj/snort.dsw
^
|
@@ -349,6 +349,9 @@
End Project Dependency
}}}
+###############################################################################
+
+
Project: "sfdynamic_preproc_libs"="..\..\dynamic-preprocessors\libs\sfdynamic_preproc_libs.dsp" - Package Owner=<4>
Package=<5>
|
[-]
[+]
|
Changed |
snort-2.9.3.1.tar.bz2/src/win32/WIN32-Prj/snort_installer.nsi
^
|
@@ -11,7 +11,7 @@
; Note that this NSIS script is designed for NSIS version 2.09.
;
-Name "Snort 2.9.3"
+Name "Snort 2.9.3.1"
CRCCheck On
@@ -23,7 +23,7 @@
;Configuration
;General
- OutFile "Snort_2_9_3_Installer.exe" ; The name of the installer executable
+ OutFile "Snort_2_9_3_1_Installer.exe" ; The name of the installer executable
;Folder selection page
InstallDir "C:\Snort"
|