Snort mailing list archives
snort2: curious code in rfc5987_attr_char()
From: Bob Cook via Snort-devel <snort-devel () lists snort org>
Date: Tue, 17 Dec 2019 18:27:05 +0000
Hello,

I've been reviewing a little bit of the snort code and this got flagged by a static analyzer:

src\preprocessors\snort_httpinspect.c:3891 (snort-2.9.15)

static inline bool rfc5987_attr_char(u_char c)
{
    return rfc_2616_token(c) && ((c != '*') || (c != '\'') || (c != '%'));
}

The logical OR operators are likely supposed to be logical AND operators, which would make way more sense given the definition of RFC 5987.

Anyone else noticed this before? The code isn't new, seems like it's been around for a while and still exists in 2.9.15.

The side effect of this behavior would appear to be pretty minor, as this function is only used in parsing the Content-Disposition header, but figured it's still worth pointing out / asking about. There may be some history that I'm not aware of.

Thanks,
Bob Cook
Sophos
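An added example, not part of the original message and not Snort's code: it runs the quoted predicate and the AND form the message suggests over all 256 byte values to show where they differ. The rfc_2616_token() here is a stand-in written from the RFC 2616 token grammar (an assumption; Snort's own implementation is not shown on this page), and the other function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for Snort's rfc_2616_token(), written from the RFC 2616 grammar
 * (token = 1*<any CHAR except CTLs or separators>); an assumption, not Snort's code. */
static bool rfc_2616_token(unsigned char c)
{
    static const char separators[] = "()<>@,;:\\\"/[]?={} \t";
    if (c <= 31 || c >= 127) return false;   /* CTLs, DEL, non-ASCII bytes */
    return strchr(separators, c) == NULL;
}

/* The predicate as quoted in the message (snort-2.9.15). */
static bool attr_char_as_written(unsigned char c)
{
    return rfc_2616_token(c) && ((c != '*') || (c != '\'') || (c != '%'));
}
/* The same predicate with the ORs replaced by ANDs, as the message suggests. */
static bool attr_char_with_and(unsigned char c)
{
    return rfc_2616_token(c) && (c != '*') && (c != '\'') && (c != '%');
}

/* Collect every byte on which the two forms disagree; out must hold 256 bytes. */
static int attr_char_disagreements(unsigned char *out)
{
    int n = 0;
    for (int c = 0; c < 256; c++)
        if (attr_char_as_written(c) != attr_char_with_and(c))
            out[n++] = (unsigned char)c;
    return n;
}

/* True when the OR chain never changes the result of rfc_2616_token(). */
static bool as_written_equals_token(void)
{
    for (int c = 0; c < 256; c++)
        if (attr_char_as_written(c) != rfc_2616_token(c)) return false;
    return true;
}

int main(void)
{
    unsigned char d[256];
    int n = attr_char_disagreements(d);
    printf("OR form identical to rfc_2616_token: %d\n", as_written_equals_token());
    for (int i = 0; i < n; i++) printf("only the OR form accepts '%c'\n", d[i]);
    return 0;
}
```

No byte can equal all three characters at once, so the OR chain is always true and the quoted function behaves exactly like rfc_2616_token().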