
Source code changes of the file "src/detection-plugins/sp_byte_jump.c" between
snort-2.9.16.1.tar.gz and snort-2.9.17.tar.gz

About: Snort is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

sp_byte_jump.c  (snort-2.9.16.1):sp_byte_jump.c  (snort-2.9.17)
skipping to change at line 425 skipping to change at line 425
ParseError("Unable to parse as offset %s\n",toks[1]); ParseError("Unable to parse as offset %s\n",toks[1]);
} }
if(*endp != '\0') if(*endp != '\0')
{ {
ParseError("byte_jump option has bad offset: %s.", toks[1]); ParseError("byte_jump option has bad offset: %s.", toks[1]);
} }
} }
else else
{ {
if ( bytemath_variable_name && (strcmp(bytemath_variable_name,toks[1]) = idx->offset_var = find_value(toks[1]);
= 0) ) if (idx->offset_var == BYTE_EXTRACT_NO_VAR)
{ {
idx->offset_var= BYTE_MATH_VAR_INDEX; // 2 ParseError(BYTE_JUMP_INVALID_ERR_FMT, "byte_jump : offset", toks[1])
} ;
else
{
idx->offset_var = GetVarByName(toks[1]);
if ( idx->offset_var == BYTE_EXTRACT_NO_VAR)
ParseError(BYTE_JUMP_INVALID_ERR_FMT, "byte_jump : offset", t
oks[1]);
} }
} }
idx->postoffset_var = -1; idx->postoffset_var = -1;
i = 2; i = 2;
/* is it a relative offset? */ /* is it a relative offset? */
if(num_toks > 2) if(num_toks > 2)
{ {
while(i < num_toks) while(i < num_toks)
skipping to change at line 535 skipping to change at line 530
factor = strtol(mval, &endp, 10); factor = strtol(mval, &endp, 10);
idx->postoffset_var=-1; idx->postoffset_var=-1;
if (endp != cptr + postoffset_len) if (endp != cptr + postoffset_len)
{ {
ParseError("invalid post_offset \"%s\"\n",cptr); ParseError("invalid post_offset \"%s\"\n",cptr);
} }
idx->post_offset = factor; idx->post_offset = factor;
} }
else else
{ {
if ( bytemath_variable_name && (strcmp(bytemath_variable_n idx->postoffset_var = find_value(mval);
ame,mval) == 0) ) if ( idx->postoffset_var == BYTE_EXTRACT_NO_VAR)
{ {
idx->postoffset_var= BYTE_MATH_VAR_INDEX; ParseError(BYTE_JUMP_INVALID_ERR_FMT, "byte_jump : pos
} t_offset", mval);
else
{
idx->postoffset_var = GetVarByName(mval);
if ( idx->postoffset_var == BYTE_EXTRACT_NO_VAR)
ParseError(BYTE_JUMP_INVALID_ERR_FMT, "byte_jump : post
_offset", mval);
} }
} }
} }
else else
{ {
ParseError("byte_jump option post_offset is already configure d in rule once\n"); ParseError("byte_jump option post_offset is already configure d in rule once\n");
} }
} }
else if ((tmp_byte_order_func = GetByteOrderFunc(cptr)) != NULL) else if ((tmp_byte_order_func = GetByteOrderFunc(cptr)) != NULL)
{ {
skipping to change at line 679 skipping to change at line 669
DebugMessage(DEBUG_PATTERN_MATCH,"payload ends at %p\n", end_ptr); DebugMessage(DEBUG_PATTERN_MATCH,"payload ends at %p\n", end_ptr);
DebugMessage(DEBUG_PATTERN_MATCH,"doe_ptr %p\n", doe_ptr); DebugMessage(DEBUG_PATTERN_MATCH,"doe_ptr %p\n", doe_ptr);
); /* END DEBUG_WRAP */ ); /* END DEBUG_WRAP */
/* Get values from byte_extract variables, if present. */ /* Get values from byte_extract variables, if present. */
if (bjd->offset_var >= 0 ) if (bjd->offset_var >= 0 )
{ {
if(bjd->offset_var == BYTE_MATH_VAR_INDEX ) if(bjd->offset_var == BYTE_MATH_VAR_INDEX )
{ {
bjd->offset = (int32_t) bytemath_variable; bjd->offset = (int32_t) bytemath_variable;
} }
if ( bjd->offset_var < NUM_BYTE_EXTRACT_VARS)
else if(bjd->offset_var == COMMON_VAR_INDEX )
{
bjd->offset = (int32_t) common_var;
}
else if ( bjd->offset_var < NUM_BYTE_EXTRACT_VARS)
{ {
GetByteExtractValue(&extract_offset, bjd->offset_var); GetByteExtractValue(&extract_offset, bjd->offset_var);
bjd->offset = (int32_t) extract_offset; bjd->offset = (int32_t) extract_offset;
} }
} }
if(bjd->relative_flag && doe_ptr) if(bjd->relative_flag && doe_ptr)
{ {
DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH, DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,
"Checking relative offset!\n");); "Checking relative offset!\n"););
skipping to change at line 848 skipping to change at line 843
UpdateDoePtr((base_ptr + payload_bytes_grabbed + jump_value), rst_doe_fl ags); UpdateDoePtr((base_ptr + payload_bytes_grabbed + jump_value), rst_doe_fl ags);
} }
DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,"updated doe_ptr %p\n", doe_ptr) ;); DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,"updated doe_ptr %p\n", doe_ptr) ;);
/* Get values from byte_extract/math variables, if present. */ /* Get values from byte_extract/math variables, if present. */
if (bjd->postoffset_var >=0) if (bjd->postoffset_var >=0)
{ {
if(bjd->postoffset_var == BYTE_MATH_VAR_INDEX) if(bjd->postoffset_var == BYTE_MATH_VAR_INDEX)
{ {
bjd->post_offset = (int32_t) bytemath_variable; bjd->post_offset = (int32_t) bytemath_variable;
} }
if (bjd->postoffset_var < NUM_BYTE_EXTRACT_VARS)
else if(bjd->postoffset_var == COMMON_VAR_INDEX)
{
bjd->post_offset = (int32_t) common_var;
}
else if (bjd->postoffset_var < NUM_BYTE_EXTRACT_VARS)
{ {
GetByteExtractValue(&extract_postoffset, bjd->postoffset_var); GetByteExtractValue(&extract_postoffset, bjd->postoffset_var);
bjd->post_offset = (int32_t) extract_postoffset; bjd->post_offset = (int32_t) extract_postoffset;
} }
} }
/* now adjust using post_offset -- before bounds checking */ /* now adjust using post_offset -- before bounds checking */
doe_ptr += bjd->post_offset; doe_ptr += bjd->post_offset;
DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,"after applying post_offset to d oe_ptr %p\n", doe_ptr);); DEBUG_WRAP(DebugMessage(DEBUG_PATTERN_MATCH,"after applying post_offset to d oe_ptr %p\n", doe_ptr););
if(!inBounds(start_ptr, end_ptr+1, doe_ptr)) if(!inBounds(start_ptr, end_ptr+1, doe_ptr))
{ {
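Review bot: The new `COMMON_VAR_INDEX` branch in the post_offset block assigns `bjd->post_offset = (int32_t) common_var;` with no range check, and the unchanged `doe_ptr += bjd->post_offset;` below it runs before the `inBounds` test, so the pointer can be moved outside the payload before anything validates it. The declaration of `common_var` is not on this page; if it is an unsigned value derived from packet data, as the neighbouring byte_math and byte_extract variables appear to be, anything above INT32_MAX turns into a negative offset through the cast, and the same applies to `bjd->offset = (int32_t) common_var;` in the offset block of the previous hunk. I would check the delta before the addition, mirroring the existing `inBounds` range, with `if (bjd->post_offset < start_ptr - doe_ptr || bjd->post_offset > end_ptr - doe_ptr)` taking the same no-match path as the `inBounds` failure. A one-line comment on the branch, such as `/* common_var: value range not validated here; checked by inBounds below */`, would also help if the range check is deliberately deferred. The enclosing function starts and ends outside the visible hunks.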
 End of changes. 6 change blocks. 
22 lines changed or deleted 20 lines changed or added
