Snort mailing list archives

Bug; ts_print() reporting negative years before 2000


From: David Turnbull <david () broodax net>
Date: Tue, 24 Jul 2012 09:55:33 +1000

I was running some tests on some old data (Darpa 98 training set) and noticed the fast alert reporting a timestamp of 
'06/05/-2-11:55:15.566704'. Setting the packet timestamp to something very low, you get down to 
'06/05/-30-11:55:15.566704'.

diff --git a/src/util.c b/src/util.c
index b4b39e0..f87d693 100644
--- a/src/util.c
+++ b/src/util.c
@@ -254,9 +254,17 @@ void ts_print(register const struct timeval *tvp, char *timebuf)
 
     if (ScOutputIncludeYear())
     {
+        int year;
+        if (lt->tm_year < 70)
+            // 00 .. 69
+            year = lt->tm_year - 100;
+        else
+            // 70 ... 99
+            year = lt->tm_year;
+
         (void) SnortSnprintf(timebuf, TIMEBUF_SIZE,
                         "%02d/%02d/%02d-%02d:%02d:%02d.%06u ",
-                        lt->tm_mon + 1, lt->tm_mday, lt->tm_year - 100,
+                        lt->tm_mon + 1, lt->tm_mday, year,
                         s / 3600, (s % 3600) / 60, s % 60,
                         (u_int) tvp->tv_usec);
     }
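
Review bot: the test 'if (lt->tm_year < 70)' treats tm_year as a two-digit year, but struct tm stores it as years since 1900, so the branches do not match their '00 .. 69' and '70 ... 99' comments. A 1998 packet (tm_year 98) now prints 98 as intended, but a 2012 packet (tm_year 112) also takes the else branch and prints 112 where the old code printed 12. The '- 100' branch is reached only for dates before 1970, where it still produces a negative number. Replacing the if/else with 'year = lt->tm_year % 100;' gives the two-digit year for both 19xx and 20xx dates and keeps the "%02d" field at two digits.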

