[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-devel
Subject:    [Snort-devel] [patch] src/decode.c: HDLC big-endian/little-endian
From:       "Jay Schulist" <jjschlst () gmail ! com>
Date:       2008-03-14 17:35:46
Message-ID: e623eda60803141035s679a3fady1f4fc5468314e2bd () mail ! gmail ! com
[Download RAW message or body]

Hello,
Attached is a patch against snort-2.8.1.rc that fixes a
big-endian/little-endian problem while detecting IP packet types in
HDLC packets. The old code assumes little endian and breaks on
anything that is big endian. I'm hoping that you could apply this
patch so the fix is included in future snort releases.

Please let me know if there are any problems with this patch that will
bar it from being accepted, I'll be happy to make any changes
required.

Thank you,
Jay Schulist

diff -ruN snort-2.8.1.rc.orig/src/decode.c snort-2.8.1.rc/src/decode.c
--- snort-2.8.1.rc.orig/src/decode.c	2008-03-04 12:13:19.000000000 -0800
+++ snort-2.8.1.rc/src/decode.c	2008-03-14 10:22:58.000000000 -0700
@@ -2229,7 +2229,7 @@
     DEBUG_WRAP(DebugMessage(DEBUG_DECODE, "Packet!\n"););

     if ((pkt[0] == CHDLC_ADDR_UNICAST || pkt[0] == CHDLC_ADDR_MULTICAST) &&
-           ntohs((u_int16_t)(pkt[2] | pkt[3] << 8)) == ETHERNET_TYPE_IP)
+           ntohs(*(u_int16_t *)&pkt[2]) == ETHERNET_TYPE_IP)
     {
         DecodeIP(p->pkt + CHDLC_HEADER_LEN,
                  p->pkth->caplen - CHDLC_HEADER_LEN, p);

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel
[prev in list] [next in list] [prev in thread] [next in thread]