Merge pull request #647 in SNORT/snort3 from obfuscation_updates to master

author Hui Cao (huica) <huica@cisco.com>

Thu, 29 Sep 2016 20:29:57 +0000 (16:29 -0400)

committer Hui Cao (huica) <huica@cisco.com>

Thu, 29 Sep 2016 20:29:57 +0000 (16:29 -0400)
author Hui Cao (huica) <huica@cisco.com>
Thu, 29 Sep 2016 20:29:57 +0000 (16:29 -0400)
committer Hui Cao (huica) <huica@cisco.com>
Thu, 29 Sep 2016 20:29:57 +0000 (16:29 -0400)
diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc

index 7cce0a0d27b24bcf63b888779db58c6743197377..e1d889bc64e1ff549d0ceb2899345c97728e3c1c 100644 (file)
--- a/src/ips_options/ips_sd_pattern.cc
+++ b/src/ips_options/ips_sd_pattern.cc
@@ -206,10 +206,9 @@ static int hs_match(unsigned int /*id*/, unsigned long long from,
          if ( !ctx->packet->obfuscator )
              ctx->packet->obfuscator = new Obfuscator();
  
-        uint32_t off = ctx->buf - ctx->start;
          // FIXIT-L Make configurable or don't show any PII partials (0 for user defined??)
-        len = len > 4 ? len - 4 : len;
-        ctx->packet->obfuscator->push(off, len);
+        uint32_t off = ctx->buf + from - ctx->start;
+        ctx->packet->obfuscator->push(off, len - 4);
      }
  
      return 0;
@@ -300,8 +299,6 @@ bool SdPatternModule::begin(const char*, int, SnortConfig*)
  
  bool SdPatternModule::set(const char*, Value& v, SnortConfig* sc)
  {
-    config.obfuscate_pii = false;
-
      if ( v.is("~pattern") )
      {
          config.pii = v.get_string();
author	Hui Cao (huica) <huica@cisco.com>
	Thu, 29 Sep 2016 20:29:57 +0000 (16:29 -0400)
committer	Hui Cao (huica) <huica@cisco.com>
	Thu, 29 Sep 2016 20:29:57 +0000 (16:29 -0400)