Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (spp_asn1) ASN.1 spec violation, possible overflow

From: Erek Adams <erek () snort org>
Date: Fri, 7 Mar 2003 11:58:33 -0500 (EST)
On Wed, 5 Mar 2003, Maynard, Jeff S. wrote:


Can someone tell me what this alert means.  I cannot find any reference to
it to determine if I should be concerned.

(spp_asn1) ASN.1 spec violation, possible overflow


It means that the ASN preprocessor fired an alert.  For more indepth info
look at the code for spp_asn1.c in the <snortdir>/src/preprocessors/
directory.  There's about 60-70 lines of comments at the top that explain
what it is, and what it's attempting.

Short answer:  Something didn't match the ASN.1 specifciation.  Some
section of the data was longer than the spec allows.  1001 bytes where it
should only be 1000 or something like that.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: