Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PATCH][RESEND]: Use uint8_t for protocol in some Stream5functions

From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 11 Oct 2011 17:21:14 -0400
Thanks Joshua - just following up to let you know I've opened a bug on this.

Russ

On Wed, Sep 14, 2011 at 12:36 AM, <Joshua.Kinard () us-cert gov> wrote:



Hi snort-devel,

Resending.  I forgot to change the argument list in two functions in
typedef StreamApi.h in src/preprocessors/stream_api.h.

--J


I noticed that for several function calls in the Stream5 code, a

signed char

was being used for the protocol.  Right now, supported Snort

protocols, ICMP,

TCP, and UDP, are all under 128 (1, 6, and 17).  For for protocols
128, this
would roll over into a negative number, making a conditional on the

IPPROTO_*

macro useless because those macros are only returning a positive

number

between 1 and 255.

Per include/linux/in.h (as of 3.0), this would affect IPPROTO_SCTP and
IPPROTO_UDPLITE.

Patch is attached.  There might be more cases in the code, but I only

did a

quick grep for "char proto" and fixed the obvious cases.  Other

'protocol'

variables are already uint8_t.



------------------------------------------------------------------------------
BlackBerry&reg; DevCon Americas, Oct. 18-20, San Francisco, CA
Learn about the latest advances in developing for the
BlackBerry&reg; mobile platform with sessions, labs & more.
See new tools and technologies. Register for BlackBerry&reg; DevCon today!
http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: