Snort mailing list archives

patch for spp_normalize.c
From: Gregory S Thomas <greg.thomas () pnnl gov>
Date: Thu, 13 Mar 2014 17:05:23 -0700

While adding a preprocessor to snort-2.9.6.0, I noticed some copy-and-paste errors in spp_normalize.c:

shell> grep NOT_INLINE snort-2.9.6.0.old/src/preprocessors/spp_normalize.c
#define NOT_INLINE "WARNING: %s normalizations disabled because not inline.\n"
         LogMessage(NOT_INLINE, "ip4");
         LogMessage(NOT_INLINE, "icmp4");
         LogMessage(NOT_INLINE, "ip6");
         LogMessage(NOT_INLINE, "icmp6");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "tcp");

The code should look like this:

shell> grep NOT_INLINE snort-2.9.6.0.new/src/preprocessors/spp_normalize.c
#define NOT_INLINE "WARNING: %s normalizations disabled because not inline.\n"
         LogMessage(NOT_INLINE, "ip4");
         LogMessage(NOT_INLINE, "icmp4");
         LogMessage(NOT_INLINE, "ip6");
         LogMessage(NOT_INLINE, "icmp6");
         LogMessage(NOT_INLINE, "tcp");
         LogMessage(NOT_INLINE, "ip4");
         LogMessage(NOT_INLINE, "icmp4");
         LogMessage(NOT_INLINE, "ip6");
         LogMessage(NOT_INLINE, "icmp6");
         LogMessage(NOT_INLINE, "tcp");

Here is a patch that corrects the errors:

diff -aur snort-2.9.6.0.old/src/preprocessors/spp_normalize.c snort-2.9.6.0.new/src/preprocessors/spp_normalize.c
--- snort-2.9.6.0.old/src/preprocessors/spp_normalize.c 2013-12-31 16:07:55.000000000 +0000
+++ snort-2.9.6.0.new/src/preprocessors/spp_normalize.c 2014-03-13 23:43:45.000000000 +0000
@@ -734,7 +734,7 @@
      if ( pc )
          Parse_IP4(sc, pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "ip4");
  }
  
  static void Reload_ICMP4 (struct _SnortConfig *sc, char* args, void **new_config)
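Review bot: The protocol label in the else branch of Reload_IP4 is still a hand-typed string literal at the call site, which is the pattern that let the "tcp" copy spread to four reload handlers. The grep output in the message shows each label appearing at two LogMessage(NOT_INLINE, ...) call sites once this is applied, so consider defining the name once per protocol (a constant or a small shared helper) and using it at both sites, so the two warnings for a protocol cannot drift apart again.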
@@ -744,7 +744,7 @@
      if ( pc )
          Parse_ICMP4(pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "icmp4");
  }
  
  static void Reload_IP6 (struct _SnortConfig *sc, char* args, void **new_config)
@@ -754,7 +754,7 @@
      if ( pc )
          Parse_IP6(sc, pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "ip6");
  }
  
  static void Reload_ICMP6 (struct _SnortConfig *sc, char* args, void **new_config)
@@ -764,7 +764,7 @@
      if ( pc )
          Parse_ICMP6(pc, args);
      else
-        LogMessage(NOT_INLINE, "tcp");
+        LogMessage(NOT_INLINE, "icmp6");
  }
  
  static void Reload_TCP (struct _SnortConfig *sc, char* args, void **new_config)
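Review bot: The user-visible log text changes in the else branch of Reload_ICMP6 (and in the three handlers before it), but nothing in the patch documents that. The warning emitted there goes from "tcp normalizations disabled because not inline" to the handler's own protocol name, so anyone matching on the old text in log monitoring will see different lines. A one-line changelog entry listing the four corrected labels (ip4, icmp4, ip6, icmp6) would cover it. Reload_TCP in the trailing context is the one handler whose "tcp" label was already correct, which matches the expected grep output in the message.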

These errors are also present in snort-2.9.7.0.alpha (because spp_normalize.c did not change).

Thanks,

Greg Thomas

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
