Bug #44

Bug in Snort output plugin alert_prelude parameter parsing

Added by about 16 years ago. Updated almost 16 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date:
Due date:
% Done: 0%
Resolution: fixed

Description

Configuration of Snort output plugin alert_prelude 0.3.5 supports up to six parameters but the parameter parsing code in spo_alert_prelude.c is limiting the parser to a maximum of three parameter tokens:

args_table = mSplit(args, ", ", 3, &tokens, '\\');

The effect is that the first two parameters are parsed correctly but all the remaining parameters are returned as a single third parameter. The following trivial change fixes the issue:

args_table = mSplit(args, ", ", 6, &tokens, '\\');

This change should be implemented as:

--- snort-2.1.2-prelude-0.3.5.diff 2004-05-12 13:30:34.000000000 0600
++ snort-2.1.2-prelude-0.3.5.diff.new 2004-07-15 14:55:55.000000000 -0600
@ -2958,7 +2958,7 @
+ return NULL;
+ }
+
args_table = mSplit(args, ", ", 3, &tokens, '\\');
++ args_table = mSplit(args, ", ", 6, &tokens, '\\');
+
+ /* defaults */
+ data->async_mode = DEFAULT_ASYNC_MODE;

Attachment: snort-2.1.2-prelude-0.3.5.diff.diff - patch for spo_alert_prelude.c parameter parsing (375 Bytes), admin admin, 07/15/2004 10:39 PM
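
The token cap described in the report, as an added example that is not part of the original report or of Snort's code: a capped splitter run with a limit of 3 and of 6, plus a check that detects when the last token has swallowed further parameters. The names split_limited, parse_with_cap and SAMPLE_ARGS are hypothetical, the option names are constructed placeholders, and the splitter models only the cap, not mSplit's escape-character handling or its exact separator rules.

```c
#include <stdio.h>
#include <string.h>

#define MAX_OPTS 6  /* the report: the plugin supports up to six parameters */

/* Constructed sample; the option names are placeholders, not real plugin options. */
static const char SAMPLE_ARGS[] = "opt1=a, opt2=b, opt3=c, opt4=d, opt5=e, opt6=f";

/* Hypothetical capped splitter: cuts buf in place at each ',' (skipping the
 * spaces that follow) until max tokens exist; the last token keeps all the
 * remaining text. Returns the number of tokens stored in out. */
static int split_limited(char *buf, int max, char **out)
{
    int n = 0;
    char *p = buf, *comma;
    while (*p == ' ') p++;
    if (max < 1 || *p == '\0') return 0;
    while (n < max) {
        out[n++] = p;
        if (n == max) break;              /* cap reached: the rest stays in this token */
        if ((comma = strchr(p, ',')) == NULL) break;
        *comma = '\0';
        for (p = comma + 1; *p == ' '; p++) ;
    }
    return n;
}

/* Split a copy of args with the given cap. *merged is set to 1 when the last
 * token still holds a separator, i.e. the cap swallowed further parameters. */
static int parse_with_cap(const char *args, int cap, int *merged)
{
    char buf[256], *tok[MAX_OPTS];
    int n;
    if (cap > MAX_OPTS) cap = MAX_OPTS;
    snprintf(buf, sizeof buf, "%s", args);
    n = split_limited(buf, cap, tok);
    *merged = n > 0 && strchr(tok[n - 1], ',') != NULL;
    return n;
}

int main(void)
{
    int merged, n;
    n = parse_with_cap(SAMPLE_ARGS, 3, &merged);
    printf("cap 3: %d tokens, merged=%d\n", n, merged);
    n = parse_with_cap(SAMPLE_ARGS, MAX_OPTS, &merged);
    printf("cap 6: %d tokens, merged=%d\n", n, merged);
    return 0;
}
```

A merged flag of 1 is the condition a configuration parser should report as an error instead of passing the oversized last token on as a single option.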

History

#1 Updated by Yoann VANDOORSELAERE about 16 years ago

  • Status changed from New to Assigned

#2 Updated by Yoann VANDOORSELAERE almost 16 years ago

  • Status changed from Assigned to Closed
  • Resolution set to fixed

Fixed in latest Snort patch.
