"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/detection-plugins/sp_byte_check.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

sp_byte_check.c  (snort-2.9.16.1):sp_byte_check.c  (snort-2.9.17)
skipping to change at line 498 skipping to change at line 498
ParseError("byte_test option has bad comparison value: %s.", toks[2] ); ParseError("byte_test option has bad comparison value: %s.", toks[2] );
} }
if(errno == ERANGE) if(errno == ERANGE)
{ {
ParseError("Bad range: %s\n", toks[2]); ParseError("Bad range: %s\n", toks[2]);
} }
} }
else else
{ {
if ( bytemath_variable_name && (strcmp(bytemath_variable_name,toks[2]) = idx->cmp_value_var = find_value(toks[2]);
= 0) ) if ( idx->cmp_value_var == BYTE_EXTRACT_NO_VAR)
{ {
idx->cmp_value_var= BYTE_MATH_VAR_INDEX; // 2 ParseError(BYTE_TEST_INVALID_ERR_FMT, "byte_test : value", toks[2]);
}
else
{
idx->cmp_value_var = GetVarByName(toks[2]);
if ( idx->cmp_value_var == BYTE_EXTRACT_NO_VAR)
ParseError(BYTE_TEST_INVALID_ERR_FMT, "byte_test : value", to
ks[2]);
} }
} }
if (isdigit(toks[3][0]) || toks[3][0] == '-') if (isdigit(toks[3][0]) || toks[3][0] == '-')
{ {
/* set offset */ /* set offset */
idx->offset = strtol(toks[3], &endp, 10); idx->offset = strtol(toks[3], &endp, 10);
idx->offset_var = -1; idx->offset_var = -1;
if(toks[3] == endp) if(toks[3] == endp)
skipping to change at line 529 skipping to change at line 524
toks[3]); toks[3]);
} }
if(*endp != '\0') if(*endp != '\0')
{ {
ParseError("byte_test option has bad offset: %s.", toks[3]); ParseError("byte_test option has bad offset: %s.", toks[3]);
} }
} }
else else
{ {
if ( bytemath_variable_name && (strcmp(bytemath_variable_name,toks[3]) = idx->offset_var = find_value(toks[3]);
= 0) ) if ( idx->offset_var == BYTE_EXTRACT_NO_VAR)
{
idx->offset_var= BYTE_MATH_VAR_INDEX; // 2
}
else
{ {
idx->offset_var = GetVarByName(toks[3]); ParseError(BYTE_TEST_INVALID_ERR_FMT, "byte_test : offset", toks[3])
if ( idx->offset_var == BYTE_EXTRACT_NO_VAR) ;
ParseError(BYTE_TEST_INVALID_ERR_FMT, "byte_test : offset", t
oks[3]);
} }
} }
i = 4; i = 4;
/* is it a relative offset? */ /* is it a relative offset? */
if(num_toks > 4) if(num_toks > 4)
{ {
while(i < num_toks) while(i < num_toks)
{ {
skipping to change at line 704 skipping to change at line 694
"[*] byte test firing...\npayload starts at %p\n", start_ptr);); "[*] byte test firing...\npayload starts at %p\n", start_ptr););
/* Get values from byte_extract variables, if present. */ /* Get values from byte_extract variables, if present. */
if (btd->cmp_value_var >= 0 ) if (btd->cmp_value_var >= 0 )
{ {
if(btd->cmp_value_var == BYTE_MATH_VAR_INDEX ) if(btd->cmp_value_var == BYTE_MATH_VAR_INDEX )
{ {
btd->cmp_value = (int32_t) bytemath_variable; btd->cmp_value = (int32_t) bytemath_variable;
} }
else else if(btd->cmp_value_var == COMMON_VAR_INDEX )
{ {
if (btd->cmp_value_var < NUM_BYTE_EXTRACT_VARS) btd->cmp_value = (int32_t) common_var;
{ }
GetByteExtractValue(&extract_cmp_value, btd->cmp_value_var); else if (btd->cmp_value_var < NUM_BYTE_EXTRACT_VARS)
btd->cmp_value = (int32_t) extract_cmp_value; {
} GetByteExtractValue(&extract_cmp_value, btd->cmp_value_var);
btd->cmp_value = (int32_t) extract_cmp_value;
} }
} }
if (btd->offset_var >= 0 ) if (btd->offset_var >= 0 )
{ {
if(btd->offset_var == BYTE_MATH_VAR_INDEX ) if(btd->offset_var == BYTE_MATH_VAR_INDEX )
{ {
btd->offset = (int32_t) bytemath_variable; btd->offset = (int32_t) bytemath_variable;
} }
else else if(btd->offset_var == COMMON_VAR_INDEX )
{ {
if (btd->offset_var < NUM_BYTE_EXTRACT_VARS) btd->offset = (int32_t) common_var;
{ }
GetByteExtractValue(&extract_offset, btd->offset_var); else if (btd->offset_var < NUM_BYTE_EXTRACT_VARS)
btd->offset = (int32_t) extract_offset; {
} GetByteExtractValue(&extract_offset, btd->offset_var);
btd->offset = (int32_t) extract_offset;
} }
} }
if(btd->relative_flag && doe_ptr) if(btd->relative_flag && doe_ptr)
{ {
DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH, DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,
"Checking relative offset!\n");); "Checking relative offset!\n"););
/* @todo: possibly degrade to use the other buffer, seems non-intuitive /* @todo: possibly degrade to use the other buffer, seems non-intuitive
 End of changes. 8 change blocks. 
32 lines changed or deleted 21 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)