Snort mailing list archives

report frag3 preprocess bug


From: zhaohui yin <yinzhaohui () gmail com>
Date: Wed, 9 Nov 2005 09:50:42 +0800

It sounds like the snort-devel mailing list is not active, so I am sending this
message to snort-users.

1. A small memory leak
Frag3Init() will lose the memory of an IpAddrSet struct; I attach the patch file.

2. Confusing code?
In the Frag3NewTracker() function:
fragStart = ((char *)p->iph + IP_HLEN(p->iph) * 4) +
(u_int16_t)p->ip_options_len;
fragLength = p->actual_ip_len - IP_HLEN(p->iph) * 4 -
(u_int16_t)p->ip_options_len;

In the RFC, the IP header length already includes the options length; does it
need to subtract the IP header length and the options length again?


--
yinzhaohui

Attachment: spp_frag3_c.patch
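
The arithmetic behind question 2, as an added example that is not part of the original post and is not Snort code: it computes the payload offset and length of an IPv4 datagram once from IHL alone and once with the option bytes counted a second time. The packet bytes are constructed, the function names are hypothetical, and it assumes the separately tracked options length is nonzero whenever options are present.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: IHL=6 (20 fixed bytes + 4 option bytes), total length 32. */
static const uint8_t sample_pkt[32] = {
    0x46, 0x00, 0x00, 0x20, /* version 4, IHL 6; TOS; total length 32 */
    0x12, 0x34, 0x20, 0x00, /* ID; MF set, fragment offset 0 */
    0x40, 0x11, 0x00, 0x00, /* TTL; UDP; checksum left unset */
    0xc0, 0x00, 0x02, 0x01, /* src 192.0.2.1 */
    0xc0, 0x00, 0x02, 0x02, /* dst 192.0.2.2 */
    0x01, 0x01, 0x01, 0x00, /* options: NOP, NOP, NOP, EOL */
    'P', 'A', 'Y', 'L', 'O', 'A', 'D', '!'
};

/* RFC 791: IHL counts 32-bit words and already covers the options. */
static size_t ip_header_bytes(const uint8_t *pkt) { return (size_t)(pkt[0] & 0x0f) * 4; }

/* Payload offset/length from IHL alone; returns -1 on a malformed header. */
int payload_span(const uint8_t *pkt, size_t caplen, size_t *off, size_t *len)
{
    if (caplen < 20) return -1;
    size_t hlen = ip_header_bytes(pkt);
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (hlen < 20 || hlen > total || total > caplen) return -1;
    *off = hlen;
    *len = total - hlen;
    return 0;
}

/* Same computation with the option bytes counted a second time. */
int payload_span_double_counted(const uint8_t *pkt, size_t caplen, size_t *off, size_t *len)
{
    if (payload_span(pkt, caplen, off, len) != 0) return -1;
    size_t opts = ip_header_bytes(pkt) - 20; /* header bytes beyond the fixed part */
    if (opts > *len) return -1;              /* would run past the datagram */
    *off += opts;
    *len -= opts;
    return 0;
}

int main(void)
{
    size_t off, len;
    if (payload_span(sample_pkt, sizeof sample_pkt, &off, &len) == 0)
        printf("IHL only:       offset %zu, length %zu\n", off, len);
    if (payload_span_double_counted(sample_pkt, sizeof sample_pkt, &off, &len) == 0)
        printf("options twice:  offset %zu, length %zu\n", off, len);
    return 0;
}
```

With the option bytes counted twice, the computed payload starts four bytes late and is four bytes short, so a reassembler working from those values would see different fragment data than the receiving host.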