[prev in list] [next in list] [prev in thread] [next in thread]
List: ossec-dev
Subject: Re: [ossec-dev] Re: Some patches we would like to add for the next releases
From: Cristobal Rosa <crosa () alienvault ! com>
Date: 2013-07-08 12:51:54
Message-ID: CANhfVJ3XTrGQVdpGn7nEqCreTe-9dz2KFCoiv0+PCjt-PeAa6A () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hi guys,
here you are a new patch for the custom output format. This patch escapes
new line characters.
07 - escape new line characters.
Thanks!
BR,
Cristobal Rosa
R&D Engineer
crosa@alienvault.com
AlienVault Unified Security Management. Complete. Simple. Affordable.
Try USM for free - Download Now <http://www.alienvault.com/tryandbuy/>
[image: AlienVault] <http://www.alienvault.com>
2013/7/1 dan (ddp) <ddpbsd@gmail.com>
> On Thu, Jun 6, 2013 at 3:04 AM, <robertm.89@gmail.com> wrote:
> > Hi everyone.
> >
> > Thanks a lot for your hard work. I am very happy with how well OSSEC
> works.
> > We are using v2.7. I am unsure if this is the place to ask. I have a
> request
> > based on patch 2. Is there a patch to modify the time the server
> declares an
> > agent disconnected and in turn sends an e-mail? This would be very
> useful to
> > be notified if an agent (which in our case are other servers) possibly
> went
> > down.
> >
> > I saw this post:
> >
> https://groups.google.com/forum/?hl=en&fromgroups=#!searchin/ossec-list/disconnect/ossec-list/TMOPyhie_K4/iVjT9XPLT_IJ
>
> > and intend to try that solution on a test system but I was wondering if a
> > patch already existed.
> >
> > Thanks a lot.
> >
> > Robert
> >
>
> Changing the time is literally a 1 line change. No patch should be
> necessary.
>
> >
> > On Tuesday, January 29, 2013 8:38:29 AM UTC+1, Cristobal Rosa wrote:
> > >
> > > Hi guys,
> > >
> > > We've been working in some patches that we would like to add to your
> next
> > > releases, if you consider it's a good option.
> > >
> > > patch 01: Alert logs customization. We've added a new global
> configuration
> > > option that will allow to an user to customize the alert output by using
> > > some variables and it uses a single line to write the log.
> > >
> > > In order to use this functionality you should modify your ossec
> > > configuration and add the new entry to it. This new section is called
> > > "custom_alert_output" and you could use it to customize the logs
> entries. To
> > > do that we've added a several variables that the use could use.
> > >
> > > <global>
> > > <email_notification>no</email_notification>
> > > <custom_alert_output>AV - $TIMESTAMP --> RID: $RULEID RL:
> $RULELEVEL
> > > RG: $RULEGROUP RC: $RULECOMMENT Event-> [INIT]$FULLLOG[END]
> > > </custom_alert_output>
> > > </global>
> > >
> > >
> > > Variables:
> > > "$TIMESTAMP"
> > > "$FTELL"
> > > "$RULEALERT"
> > > "$HOSTNAME"
> > > "$LOCATION"
> > > "$RULEID"
> > > "$RULELEVEL"
> > > "$RULECOMMENT"
> > > "$SRCIP"
> > > "$DSTUSER"
> > > "$FULLLOG",
> > > "$RULEGROUP"
> > >
> > > Sample logs:
> > > AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, RC:
> > > New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 12:02:39
> > > status installed libobject-realize-later-perl 0.18-1[END]
> > > AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, RC:
> > > New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 12:02:39
> > > status installed libuser-identity-perl 0.92-2[END]
> > > AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, RC:
> > > New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 12:02:39
> > > status installed libmail-box-perl 2.082-2[END]
> > > AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, RC:
> > > New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 12:02:39
> > > status installed libsys-hostname-long-perl 1.4-2[END]
> > > AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, RC:
> > > New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 12:02:39
> > > status installed libmail-sendmail-perl 0.79-5[END]
> > > AV - 1320923104 --> RID: 1002 RL: 2 RG: syslog,errors, RC: Unknown
> > > problem somewhere in the system. Event-> [INIT]Nov 10 12:05:04 mmmm
> > > nfcapd[3175]: Ident: 'mmmm' Flows: 172, Packets: 7305, Bytes: 6246716,
> > > Sequence Errors: 0, Bad Packets: 0[END]
> > > AV - 1320923118 --> RID: 5715 RL: 3 RG:
> > > syslog,sshd,authentication_success, RC: SSHD authentication success.
> > > Event-> [INIT]Nov 10 12:05:16 mmmm sshd[13269]: Accepted publickey for
> root
> > > from 192.168.2.111 port 50874 ssh2[END]
> > >
> > >
> > > patch 02: Configurable reconnection time on the ossec-agents.
> > > We've added two new options to the ossec agent configuration in order to
> > > allow the user to configure the reconnection time and the time between
> keep
> > > alive messages.
> > >
> > > <ossec_config>
> > > <client>
> > > <server-ip>192.168.2.18</server-ip>
> > > <notify_time>120</notify_time>
> > > <time-reconnect>240</time-reconnect>
> > > </client>
> > > </ossec_config>
> > >
> > > notify_time: time in seconds between information messages sent by the
> > > agents to the server
> > > time-reconnect: Time in seconds until a reconnection attempt. This time
> > > have to be greater than the notify-time.
> > >
> > > We've added some log traces to check that is working properly
> > >
> > > 2012/12/21 17:18:24 ossec-agent Using notify time: 120 and max time to
> > > reconnect: 240
> > > ...
> > > 2012/12/21 17:23:56 ossec-agent More than 120 seconds without server
> > > response...sending win32info
> > > 2012/12/21 17:23:56 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:23:57 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:23:57 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:23:57 ossec-agent More than 240 seconds without server
> > > response...is server alive? and Is there connection?
> > > 2012/12/21 17:23:58 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:23:58 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:23:59 ossec-agent: WARN: Server unavailable. Setting lock.
> > > 2012/12/21 17:23:59 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:23:59 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:00 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:02 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:04 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:06 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:09 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:13 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:17 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:21 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:26 ossec-agent Sending keep alive message....
> > > 2012/12/21 17:24:32 ossec-agent(4102): INFO: Connected to the server
> > > (192.168.2.111:1514).
> > > 2012/12/21 17:24:32 ossec-agent: INFO: Server responded. Releasing lock.
> > >
> > > patch 03: This is a patch that a client send to us. OSSEC FIM Bug in
> > > handling large files
> > > OSSEC uses an integer to store file sizes in the syscheck DB. When a
> file
> > > is larger than 2 GB, the integer overflows. If the overflow results
> into a
> > > negative number, OSSEC assumes that the file has been deleted and
> generates
> > > an incorrect alert saying the file has been deleted.
> > >
> > > This patches have been checked for the ossec-2.6 version but they could
> be
> > > used for the ossec 2.7
> > >
> > > Hope this helps.
> > >
> > > Thank you so much!
> > >
> > > BR,
> > >
> > > Cristobal Rosa
> > > R&D Engineer
> > > cr...@alienvault.com
> > > www.AlienVault.com
> > >
> > >
> > > We come in peace and security.
> > >
> > >
> > >
> > --
> >
> > ---
> > You received this message because you are subscribed to the Google Groups
> > "ossec-dev" group.
> > To unsubscribe from this group and stop receiving emails from it, send an
> > email to ossec-dev+unsubscribe@googlegroups.com.
> > For more options, visit https://groups.google.com/groups/opt_out.
> >
> >
>
> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "ossec-dev" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ossec-dev+unsubscribe@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
>
--
---
You received this message because you are subscribed to the Google Groups "ossec-dev" \
group. To unsubscribe from this group and stop receiving emails from it, send an \
email to ossec-dev+unsubscribe@googlegroups.com. For more options, visit \
https://groups.google.com/groups/opt_out.
[Attachment #5 (text/html)]
<div dir="ltr">Hi guys, <div>here you are a new patch for the custom output format. \
This patch escapes new line characters.</div><div><br><div style>07 - escape new \
line characters. </div></div><div style><br></div><div style>
Thanks!</div></div><div class="gmail_extra"><br clear="all"><div><div \
dir="ltr"><div>BR,</div><div><br></div>Cristobal Rosa <br>R&D Engineer \
<br><a style="font-family:Arial;font-size:12" href="mailto:crosa@alienvault.com" \
target="_blank">crosa@alienvault.com</a>
<p style="color:#000000;font-family:Arial;font-size:12">AlienVault Unified Security \
Management. Complete. Simple. Affordable. <br>Try USM for free - <a \
style="font-family:Arial;font-size:12" href="http://www.alienvault.com/tryandbuy/" \
target="_blank">Download Now</a> </p>
<p>
<a href="http://www.alienvault.com" target="_blank"><img \
style="color:#000000;font-family:Arial;font-size:12" \
src="http://www.alienvault.com/signatures/images/AV-Logo.png" alt="AlienVault" \
height="99.84" width="156.48"></a> </p><div><span \
style="border-collapse:collapse;color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px"><div><br></div><div><div \
style="font-size:13px;font-family:arial,sans-serif"> </div></div><div \
style="font-size:13px;font-family:arial,sans-serif">
<br></div></span></div></div></div>
<br><br><div class="gmail_quote">2013/7/1 dan (ddp) <span dir="ltr"><<a \
href="mailto:ddpbsd@gmail.com" \
target="_blank">ddpbsd@gmail.com</a>></span><br><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Thu, Jun 6, 2013 at 3:04 AM, <<a \
href="mailto:robertm.89@gmail.com">robertm.89@gmail.com</a>> wrote:<br> > Hi \
everyone.<br> ><br>
> Thanks a lot for your hard work. I am very happy with how well OSSEC works.<br>
> We are using v2.7. I am unsure if this is the place to ask. I have a request<br>
> based on patch 2. Is there a patch to modify the time the server declares an<br>
> agent disconnected and in turn sends an e-mail? This would be very useful to<br>
> be notified if an agent (which in our case are other servers) possibly went<br>
> down.<br>
><br>
> I saw this post:<br>
> <a href="https://groups.google.com/forum/?hl=en&fromgroups=#!searchin/ossec-list/disconnect/ossec-list/TMOPyhie_K4/iVjT9XPLT_IJ" \
target="_blank">https://groups.google.com/forum/?hl=en&fromgroups=#!searchin/ossec-list/disconnect/ossec-list/TMOPyhie_K4/iVjT9XPLT_IJ</a><br>
> and intend to try that solution on a test system but I was wondering if a<br>
> patch already existed.<br>
><br>
> Thanks a lot.<br>
><br>
> Robert<br>
><br>
<br>
</div>Changing the time is literally a 1 line change. No patch should be \
necessary.<br> <div class="HOEnZb"><div class="h5"><br>
><br>
> On Tuesday, January 29, 2013 8:38:29 AM UTC+1, Cristobal Rosa wrote:<br>
>><br>
>> Hi guys,<br>
>><br>
>> We've been working in some patches that we would like to add to your \
next<br> >> releases, if you consider it's a good option.<br>
>><br>
>> patch 01: Alert logs customization. We've added a new global \
configuration<br> >> option that will allow to an user to customize the alert \
output by using<br> >> some variables and it uses a single line to write the \
log.<br> >><br>
>> In order to use this functionality you should modify your ossec<br>
>> configuration and add the new entry to it. This new section is called<br>
>> "custom_alert_output" and you could use it to customize the logs \
entries. To<br> >> do that we've added a several variables that the use \
could use.<br> >><br>
>> <global><br>
>> <email_notification>no</email_notification><br>
>> <custom_alert_output>AV - $TIMESTAMP --> RID: $RULEID RL: \
$RULELEVEL<br> >> RG: $RULEGROUP RC: $RULECOMMENT Event-> \
[INIT]$FULLLOG[END]<br> >> </custom_alert_output><br>
>> </global><br>
>><br>
>><br>
>> Variables:<br>
>> "$TIMESTAMP"<br>
>> "$FTELL"<br>
>> "$RULEALERT"<br>
>> "$HOSTNAME"<br>
>> "$LOCATION"<br>
>> "$RULEID"<br>
>> "$RULELEVEL"<br>
>> "$RULECOMMENT"<br>
>> "$SRCIP"<br>
>> "$DSTUSER"<br>
>> "$FULLLOG",<br>
>> "$RULEGROUP"<br>
>><br>
>> Sample logs:<br>
>> AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, \
RC:<br> >> New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 \
12:02:39<br> >> status installed libobject-realize-later-perl 0.18-1[END]<br>
>> AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, \
RC:<br> >> New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 \
12:02:39<br> >> status installed libuser-identity-perl 0.92-2[END]<br>
>> AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, \
RC:<br> >> New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 \
12:02:39<br> >> status installed libmail-box-perl 2.082-2[END]<br>
>> AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, \
RC:<br> >> New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 \
12:02:39<br> >> status installed libsys-hostname-long-perl 1.4-2[END]<br>
>> AV - 1320922959 --> RID: 2902 RL: 7 RG: syslog,dpkg,config_changed, \
RC:<br> >> New dpkg (Debian Package) installed. Event-> [INIT]2011-11-10 \
12:02:39<br> >> status installed libmail-sendmail-perl 0.79-5[END]<br>
>> AV - 1320923104 --> RID: 1002 RL: 2 RG: syslog,errors, RC: Unknown<br>
>> problem somewhere in the system. Event-> [INIT]Nov 10 12:05:04 mmmm<br>
>> nfcapd[3175]: Ident: 'mmmm' Flows: 172, Packets: 7305, Bytes: \
6246716,<br> >> Sequence Errors: 0, Bad Packets: 0[END]<br>
>> AV - 1320923118 --> RID: 5715 RL: 3 RG:<br>
>> syslog,sshd,authentication_success, RC: SSHD authentication success.<br>
>> Event-> [INIT]Nov 10 12:05:16 mmmm sshd[13269]: Accepted publickey for \
root<br> >> from 192.168.2.111 port 50874 ssh2[END]<br>
>><br>
>><br>
>> patch 02: Configurable reconnection time on the ossec-agents.<br>
>> We've added two new options to the ossec agent configuration in order \
to<br> >> allow the user to configure the reconnection time and the time \
between keep<br> >> alive messages.<br>
>><br>
>> <ossec_config><br>
>> <client><br>
>> <server-ip>192.168.2.18</server-ip><br>
>> <notify_time>120</notify_time><br>
>> <time-reconnect>240</time-reconnect><br>
>> </client><br>
>> </ossec_config><br>
>><br>
>> notify_time: time in seconds between information messages sent by the<br>
>> agents to the server<br>
>> time-reconnect: Time in seconds until a reconnection attempt. This time<br>
>> have to be greater than the notify-time.<br>
>><br>
>> We've added some log traces to check that is working properly<br>
>><br>
>> 2012/12/21 17:18:24 ossec-agent Using notify time: 120 and max time to<br>
>> reconnect: 240<br>
>> ...<br>
>> 2012/12/21 17:23:56 ossec-agent More than 120 seconds without server<br>
>> response...sending win32info<br>
>> 2012/12/21 17:23:56 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:23:57 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:23:57 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:23:57 ossec-agent More than 240 seconds without server<br>
>> response...is server alive? and Is there connection?<br>
>> 2012/12/21 17:23:58 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:23:58 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:23:59 ossec-agent: WARN: Server unavailable. Setting lock.<br>
>> 2012/12/21 17:23:59 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:23:59 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:00 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:02 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:04 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:06 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:09 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:13 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:17 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:21 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:26 ossec-agent Sending keep alive message....<br>
>> 2012/12/21 17:24:32 ossec-agent(4102): INFO: Connected to the server<br>
>> (<a href="http://192.168.2.111:1514" \
target="_blank">192.168.2.111:1514</a>).<br> >> 2012/12/21 17:24:32 \
ossec-agent: INFO: Server responded. Releasing lock.<br> >><br>
>> patch 03: This is a patch that a client send to us. OSSEC FIM Bug in<br>
>> handling large files<br>
>> OSSEC uses an integer to store file sizes in the syscheck DB. When a \
file<br> >> is larger than 2 GB, the integer overflows. If the overflow results \
into a<br> >> negative number, OSSEC assumes that the file has been deleted and \
generates<br> >> an incorrect alert saying the file has been deleted.<br>
>><br>
>> This patches have been checked for the ossec-2.6 version but they could \
be<br> >> used for the ossec 2.7<br>
>><br>
>> Hope this helps.<br>
>><br>
>> Thank you so much!<br>
>><br>
>> BR,<br>
>><br>
>> Cristobal Rosa<br>
>> R&D Engineer<br>
>> <a href="mailto:cr...@alienvault.com">cr...@alienvault.com</a><br>
>> <a href="http://www.AlienVault.com" \
target="_blank">www.AlienVault.com</a><br> >><br>
>><br>
>> We come in peace and security.<br>
>><br>
>><br>
>><br>
> --<br>
><br>
> ---<br>
> You received this message because you are subscribed to the Google Groups<br>
> "ossec-dev" group.<br>
> To unsubscribe from this group and stop receiving emails from it, send an<br>
> email to <a href="mailto:ossec-dev%2Bunsubscribe@googlegroups.com">ossec-dev+unsubscribe@googlegroups.com</a>.<br>
> For more options, visit <a href="https://groups.google.com/groups/opt_out" \
target="_blank">https://groups.google.com/groups/opt_out</a>.<br> ><br>
><br>
<br>
--<br>
<br>
---<br>
You received this message because you are subscribed to the Google Groups \
"ossec-dev" group.<br> To unsubscribe from this group and stop receiving \
emails from it, send an email to <a \
href="mailto:ossec-dev%2Bunsubscribe@googlegroups.com">ossec-dev+unsubscribe@googlegroups.com</a>.<br>
For more options, visit <a href="https://groups.google.com/groups/opt_out" \
target="_blank">https://groups.google.com/groups/opt_out</a>.<br> <br>
<br>
</div></div></blockquote></div><br></div>
<p></p>
-- <br />
<br />
--- <br />
You received this message because you are subscribed to the Google Groups \
"ossec-dev" group.<br /> To unsubscribe from this group and stop receiving \
emails from it, send an email to ossec-dev+unsubscribe@googlegroups.com.<br /> For \
more options, visit <a \
href="https://groups.google.com/groups/opt_out">https://groups.google.com/groups/opt_out</a>.<br \
/> <br />
<br />
--f46d043894f9c3b7fb04e0ff8492--
["07-ticket6272_escape_new_lines.patch" (application/octet-stream)]
--- a/src/analysisd/alerts/log.c
+++ b/src/analysisd/alerts/log.c
@@ -429,14 +429,22 @@
os_free(log);
log=NULL;
}
+ char * escaped_log;
+ escaped_log = escape_newlines(lf->full_log);
- log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FULL_LOG], lf->full_log);
+ log = searchAndReplace(tmp_log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_FULL_LOG],escaped_log );
if (tmp_log)
{
os_free(tmp_log);
tmp_log=NULL;
}
+ if(escaped_log)
+ {
+ os_free(escaped_log);
+ escaped_log=NULL;
+ }
+
sprintf(tmp_buffer,"%s",lf->generated_rule->comment?lf->generated_rule->comment:"");
tmp_log = searchAndReplace(log, CustomAlertTokenName[CUSTOM_ALERT_TOKEN_RULE_COMMENT], tmp_buffer);
if(log)
--- a/src/headers/custom_output_search.h
+++ b/src/headers/custom_output_search.h
@@ -13,6 +13,11 @@
*/
char * searchAndReplace(char* orig, char* search, char*value);
+/** char* escape_newlines(char *orig);
+ * Escape the newlines characters
+ * Returns NULL on error, otherwise returns a new allocated string.
+ */
+char* escape_newlines(char *orig);
#endif /* CUSTOM_OUTPUT_SEARCH_H_ */
--- a/src/shared/custom_output_search_replace.c
+++ b/src/shared/custom_output_search_replace.c
@@ -77,3 +77,46 @@
return tmp;
}
+
+//escape newlines characters. Returns a new allocated string.
+char* escape_newlines(char *orig)
+{
+ const char *ptr;
+ char *ret, *retptr;
+ int size;
+
+ ptr = orig;
+ size = 1;
+ while (*ptr)
+ {
+ if ((*ptr == '\n') ||(*ptr == '\r'))
+ size += 2;
+ else
+ size += 1;
+ ptr++;
+ }
+
+ ret = malloc (size);
+ ptr = orig;
+ retptr = ret;
+ while (*ptr) {
+ if (*ptr == '\n') {
+ *retptr = '\\';
+ *(retptr+1) = 'n';
+ retptr += 2;
+ }
+ else if (*ptr == '\r') {
+ *retptr = '\\';
+ *(retptr+1) = 'n';
+ retptr += 2;
+ }
+ else {
+ *retptr = *ptr;
+ retptr ++;
+ }
+ ptr++;
+ }
+ *retptr = '\0';
+
+ return ret;
+}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic