From: Russ Combs Date: Tue, 22 Nov 2016 02:45:49 +0000 (-0500) Subject: build 219 X-Git-Tag: 3.0.0-233~180 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=741618d6c663101bf4260b7c277ba24c2d8d420c;p=thirdparty%2Fsnort3.git build 219 --- diff --git a/ChangeLog b/ChangeLog index 342217b30..30f933125 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,23 @@ +16/11/21 - build 219 + +-- add dce auto detect to wizard +-- add MIME file processing to new http_inspect +-- add chapters on perf_monitor and file processing to user manual +-- appid refactoring and cleanup +-- many appid fixes for leaks, sanitizer, and analyzer issues +-- fix appid pattern matching for http +-- fix various race conditions reported by thread sanitizer +-- fix out-of-order FIN handling +-- fix cmake package name used in HS and HWLOC so that REQUIRED works +-- fix out-of-tree doc builds +-- fix image sizes to fit page; thanks to wyatuestc for reporting the issue +-- fix fast pattern selection when multiple designated + thanks to j.mcdowell@titanicsystems.com for reporting the issue +-- change -L to -K in README and manual; thanks to jncornett for reporting the issue +-- support compiling catch tests in standalone source files +-- create pid file after dropping privileges +-- improve detection and use of CppUTest in non-standard locations + 16/11/04 - build 218 -- fix shutdown stats diff --git a/src/codecs/link/cd_ciscometadata.cc b/src/codecs/link/cd_ciscometadata.cc index 537682f3e..377e4c973 100644 --- a/src/codecs/link/cd_ciscometadata.cc +++ b/src/codecs/link/cd_ciscometadata.cc @@ -93,7 +93,7 @@ bool CiscoMetaDataCodec::decode(const RawData& raw, CodecData& codec, DecodeData return false; } - const CiscoMetaDataOpt* cmd_options = + const CiscoMetaDataOpt* cmd_options = reinterpret_cast(raw.data + sizeof(CiscoMetaDataHdr)); // validate options, lengths, and SGTs cmdh_rem_len -= sizeof(CiscoMetaDataHdr) + sizeof(uint16_t); //2 octects for ethertype @@ -102,7 +102,7 @@ bool CiscoMetaDataCodec::decode(const RawData& raw, CodecData& codec, DecodeData for(int i = 0; cmdh_rem_len > 0; i++) { - // Top 3 bits (length) must be equal to 0 or 4 + // Top 3 bits (length) must be equal to 0 or 4 // Bottom 13 bits (type) must be 1 to indicate SGT const CiscoMetaDataOpt* opt = &cmd_options[i]; uint16_t len = ntohs(opt->opt_len_type) >> CISCO_META_OPT_LEN_SHIFT; diff --git a/src/connectors/tcp_connector/tcp_connector.cc b/src/connectors/tcp_connector/tcp_connector.cc index e94a6f420..b4758f94b 100644 --- a/src/connectors/tcp_connector/tcp_connector.cc +++ b/src/connectors/tcp_connector/tcp_connector.cc @@ -163,7 +163,7 @@ static TcpConnectorMsgHandle* read_message(int sock_fd) return handle; } - + void TcpConnector::process_receive() { TcpConnectorMsgHdr hdr; @@ -207,7 +207,7 @@ void TcpConnector::start_receive_thread() run_thread = true; receive_thread = new std::thread(&TcpConnector::receive_processing_thread, this); } - + void TcpConnector::stop_receive_thread() { if ( receive_thread != nullptr ) @@ -217,7 +217,7 @@ void TcpConnector::stop_receive_thread() delete receive_thread; } } - + TcpConnector::TcpConnector(TcpConnectorConfig* tcp_connector_config, int sfd) { DebugMessage(DEBUG_CONNECTORS,"TcpConnector::TcpConnector()\n"); @@ -440,7 +440,7 @@ static Connector* tcp_connector_tinit(ConnectorConfig* config) sprintf(port_string, "%5d", (cfg->base_port + instance)); TcpConnector* tcp_connector; - + if ( cfg->setup == TcpConnectorConfig::Setup::CALL ) tcp_connector = tcp_connector_tinit_call(cfg, port_string); else if ( cfg->setup == TcpConnectorConfig::Setup::ANSWER ) diff --git a/src/ips_options/ips_icmp_id.cc b/src/ips_options/ips_icmp_id.cc index 3f559d4dc..487196f5d 100644 --- a/src/ips_options/ips_icmp_id.cc +++ b/src/ips_options/ips_icmp_id.cc @@ -119,7 +119,7 @@ int IcmpIdOption::eval(Cursor&, Packet* p) (uint8_t)p->ptrs.icmph->type == icmp::Icmp6Types::ECHO_REPLY) ) { uint16_t icmp_id = ntohs(p->ptrs.icmph->s_icmp_id); - if ( config.eval( icmp_id ) ) + if ( config.eval( icmp_id ) ) return DETECTION_OPTION_MATCH; } return DETECTION_OPTION_NO_MATCH; diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc index 55a6732bb..c8638aa48 100644 --- a/src/ips_options/ips_rpc.cc +++ b/src/ips_options/ips_rpc.cc @@ -64,7 +64,7 @@ public: bool operator==(const IpsOption&) const override; int eval(Cursor&, Packet*) override; - + private: uint32_t get_int(const uint8_t *&); bool check_rpc_call(const uint8_t *&); @@ -76,7 +76,7 @@ private: const uint32_t RPC_MSG_VERSION = 2; const uint32_t CALL = 0; - + RpcCheckData config; }; @@ -137,15 +137,15 @@ int RpcOption::eval(Cursor&, Packet* p) return DETECTION_OPTION_NO_MATCH; } -// check if there is a detection match +// check if there is a detection match bool RpcOption::is_match(Packet * p) -{ - // get pointer to packet data +{ + // get pointer to packet data const uint8_t* packet_data = p->data; - + // read xid.. not being used currently // so just move to the next int - packet_data += 4; + packet_data += 4; // read direction .. CALL or REPLY etc.. uint32_t message_type = get_int(packet_data); @@ -187,7 +187,7 @@ bool RpcOption::is_valid(Packet* p){ { return false; } - + // assumed to be valid packet return true; } @@ -214,11 +214,11 @@ bool RpcOption::check_rpc_call(const uint8_t*& packet_data) if ( !check_procedure(procedure) ) return false; - // if nothing fails, return a match + // if nothing fails, return a match return true; -} +} -// only check program values +// only check program values bool RpcOption::check_program( uint32_t program ) { return (config.program == program); @@ -231,8 +231,8 @@ bool RpcOption::check_version(uint32_t version) if(config.flags & RPC_CHECK_VERSION) { return (config.version == version); - } - + } + return true; } @@ -243,9 +243,9 @@ bool RpcOption::check_procedure( uint32_t procedure) { return (config.procedure == procedure); } - + return true; -} +} //------------------------------------------------------------------------- // module diff --git a/src/main/build.h b/src/main/build.h index 58dcdf52c..5006b508d 100644 --- a/src/main/build.h +++ b/src/main/build.h @@ -10,7 +10,7 @@ // // //-----------------------------------------------// -#define BUILD "218" +#define BUILD "219" #endif diff --git a/src/main/snort_debug.cc b/src/main/snort_debug.cc index f644fd5f2..54d630ba6 100644 --- a/src/main/snort_debug.cc +++ b/src/main/snort_debug.cc @@ -222,7 +222,7 @@ TEST_CASE("macros", "[trace]") TEST_CASE("trace_log", "[trace]") { Trace TRACE_NAME(testing) = TRACE_SECTION_2 | TRACE_SECTION_3; - + testing_dump[0] = '\0'; trace_log(testing, "my message"); CHECK( !strcmp(testing_dump, "testing: my message") ); @@ -239,7 +239,7 @@ TEST_CASE("trace_log", "[trace]") TEST_CASE("trace_logf", "[trace]") { Trace TRACE_NAME(testing) = TRACE_SECTION_2 | TRACE_SECTION_3; - + testing_dump[0] = '\0'; trace_logf(testing, "%s %s", "my", "message"); CHECK( !strcmp(testing_dump, "testing: my message") ); @@ -256,7 +256,7 @@ TEST_CASE("trace_logf", "[trace]") TEST_CASE("trace_debug", "[trace]") { Trace TRACE_NAME(testing) = TRACE_SECTION_2 | TRACE_SECTION_3; - + testing_dump[0] = '\0'; trace_debug(testing, "my message"); CHECK( !strcmp(testing_dump, "testing: " __FILE__ ":" sx(__LINE__) ": my message") ); @@ -271,7 +271,7 @@ TEST_CASE("trace_debug", "[trace]") TEST_CASE("trace_debugf", "[trace]") { Trace TRACE_NAME(testing) = TRACE_SECTION_2 | TRACE_SECTION_3; - + testing_dump[0] = '\0'; trace_debugf(testing, "%s %s", "my", "message"); CHECK( !strcmp(testing_dump, "testing: " __FILE__ ":" sx(__LINE__) ": my message") ); diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index ca0468110..e6c8cadd2 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -996,7 +996,7 @@ void ModuleManager::show_configs(const char* pfx, bool exact) { dump_field(s, pfx, m->params); } - + s = m->name; if ( m->default_params ) diff --git a/src/network_inspectors/appid/appid_http_event_handler.cc b/src/network_inspectors/appid/appid_http_event_handler.cc index 62911736c..944557339 100644 --- a/src/network_inspectors/appid/appid_http_event_handler.cc +++ b/src/network_inspectors/appid/appid_http_event_handler.cc @@ -37,7 +37,7 @@ static void replace_header_data(char **data, uint16_t &datalen, const uint8_t *h assert(data); if(*data) snort_free(*data); - + *data = (char*)snort_alloc(header_length + 1); memcpy(*data, header_start, header_length); *(*data + header_length) = '\0'; diff --git a/src/network_inspectors/appid/appid_module.cc b/src/network_inspectors/appid/appid_module.cc index 3cb005531..3638ca0f3 100644 --- a/src/network_inspectors/appid/appid_module.cc +++ b/src/network_inspectors/appid/appid_module.cc @@ -53,7 +53,7 @@ const PegInfo appid_pegs[] = { "bootp_flows", "count of bootp flows discovered by appid" }, { "dcerpc_tcp_flows", "count of dce rpc flows over tcp discovered by appid" }, { "dcerpc_udp_flows", "count of dce rpc flows over udp discovered by appid" }, - { "direct_connect_flows", "count of direct connect flows discovered by appid" }, + { "direct_connect_flows", "count of direct connect flows discovered by appid" }, { "dns_tcp_flows", "count of dns flows over tcp discovered by appid" }, { "dns_udp_flows", "count of dns flows over udp discovered by appid" }, { "ftp_flows", "count of ftp flows discovered by appid" }, diff --git a/src/network_inspectors/appid/appid_utils/sf_multi_mpse.h b/src/network_inspectors/appid/appid_utils/sf_multi_mpse.h index cdae5998d..d67459b25 100644 --- a/src/network_inspectors/appid/appid_utils/sf_multi_mpse.h +++ b/src/network_inspectors/appid/appid_utils/sf_multi_mpse.h @@ -36,7 +36,7 @@ int mlpAddPattern(void* root, const tMlpPattern** patterns, void* metaData); int mlpProcessPatterns(void* root); void* mlpMatchPatternLongest(void* root, tMlpPattern** inputPatternList); void* mlpMatchPatternUrl(void* root, tMlpPattern** inputPatternList); -void* mlpMatchPatternCustom(void* root, tMlpPattern** inputPatternList, +void* mlpMatchPatternCustom(void* root, tMlpPattern** inputPatternList, int (* callback)(void*, void*, int, void*, void*)); void mlpDestroy(void* root); void mlpDump(void* root); diff --git a/src/network_inspectors/appid/detector_plugins/detector_http.cc b/src/network_inspectors/appid/detector_plugins/detector_http.cc index ac854ca01..0c75bf596 100644 --- a/src/network_inspectors/appid/detector_plugins/detector_http.cc +++ b/src/network_inspectors/appid/detector_plugins/detector_http.cc @@ -1719,8 +1719,8 @@ static inline int optionallyReplaceWithStrdup(char** optionalStr, const char* st return 0; } -static inline uint8_t* continue_buffer_scan(const uint8_t* start, const uint8_t* end, MatchedPatterns* mp, - DetectorHTTPPattern* match) +static inline uint8_t* continue_buffer_scan( + const uint8_t* start, const uint8_t* end, MatchedPatterns* mp, DetectorHTTPPattern*) { uint8_t* bp = (uint8_t*) (start) + mp->index; if( (bp >= end) || (*bp != ' ' && *bp != 0x09 && *bp != '/') ) @@ -1861,10 +1861,10 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap case APP_ID_GOOGLE_DESKTOP: buffPtr = (uint8_t*)start + tmp->index; - + if(buffPtr >= end) - break; - + break; + if (*buffPtr != ')') { if (*buffPtr != ' ' && *buffPtr != 0x09 && *buffPtr != '/') @@ -1917,7 +1917,7 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap case APP_ID_WGET: buffPtr = (uint8_t*)start + tmp->index; if(buffPtr >= end) - break; + break; while (i < MAX_VERSION_SIZE - 1 && buffPtr < end) { temp_ver[i++] = *buffPtr++; @@ -1969,7 +1969,7 @@ void identify_user_agent(const uint8_t* start, int size, AppId* serviceAppId, Ap buffPtr = (uint8_t*)start + tmp->index; if(buffPtr >= end) - break; + break; if (*buffPtr == (uint8_t)'/') { @@ -2076,10 +2076,10 @@ int get_appid_by_pattern(const uint8_t* data, unsigned size, char** version) { case APP_ID_SQUID: data_ptr = (uint8_t*)data + mp->index; - + if (data_ptr >= end) break; - + if (*data_ptr == '/') { data_ptr++; diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_smtp_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_smtp_test.cc index 4a56f700c..2679f5026 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_smtp_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/detector_smtp_test.cc @@ -31,7 +31,7 @@ void Debug::print(const char*, int, uint64_t, const char*, ...) { } #endif -struct AddAppData +struct AddAppData { AppId client_id = 0; std::string *version_str = nullptr; @@ -46,7 +46,7 @@ void fake_add_app(AppIdSession*, AppId, AppId client_id, const char* version) app_data.version_str = new std::string(version); } -ClientAppApi fake_clientappapi = +ClientAppApi fake_clientappapi = { nullptr, nullptr, diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 34dcff100..5aa8046ed 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc @@ -1808,7 +1808,7 @@ static int detector_port_only_service(lua_State* L) ud->appid_config->tcp_port_only[port] = appId; else if (protocol == 17) ud->appid_config->udp_port_only[port] = appId; - + AppInfoManager::get_instance().set_app_info_active(appId); return 0; diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index 9af6cbadc..6b45869c8 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -383,7 +383,7 @@ TEST(appid_http_event, handle_msg_header_no_headers_exist) { TestData test_data; test_data.scan_flags = 0; - + run_event_handler(test_data); } @@ -393,7 +393,7 @@ TEST(appid_http_event, handle_msg_header_only_host) TestData test_data; test_data.scan_flags = SCAN_HTTP_HOST_URL_FLAG; test_data.host = HOST; - + run_event_handler(test_data); } @@ -402,7 +402,7 @@ TEST(appid_http_event, handle_msg_header_cookie) TestData test_data; test_data.scan_flags = 0; test_data.cookie = COOKIE; - + run_event_handler(test_data); } @@ -412,7 +412,7 @@ TEST(appid_http_event, handle_msg_header_host_and_uri) test_data.scan_flags = SCAN_HTTP_HOST_URL_FLAG; test_data.host = HOST; test_data.uri = URI; - + run_event_handler(test_data); } @@ -421,7 +421,7 @@ TEST(appid_http_event, handle_msg_header_user_agent) TestData test_data; test_data.scan_flags = SCAN_HTTP_USER_AGENT_FLAG; test_data.useragent = USERAGENT; - + run_event_handler(test_data); } @@ -430,7 +430,7 @@ TEST(appid_http_event, handle_msg_header_x_working_with) TestData test_data; test_data.scan_flags = 0; test_data.x_working_with = X_WORKING_WITH; - + run_event_handler(test_data); } @@ -439,7 +439,7 @@ TEST(appid_http_event, handle_msg_header_referer) TestData test_data; test_data.scan_flags = 0; test_data.referer = REFERER; - + run_event_handler(test_data); } @@ -448,7 +448,7 @@ TEST(appid_http_event, handle_msg_header_via) TestData test_data; test_data.scan_flags = SCAN_HTTP_VIA_FLAG; test_data.via = VIA; - + run_event_handler(test_data); } @@ -459,7 +459,7 @@ TEST(appid_http_event, handle_msg_header_content_type) test_data.scan_flags = 0; test_data.http_flows = 0; // Flows are only counted on request header test_data.content_type = CONTENT_TYPE; - + run_event_handler(test_data); } @@ -470,7 +470,7 @@ TEST(appid_http_event, handle_msg_header_location) test_data.scan_flags = 0; test_data.http_flows = 0; // Flows are only counted on request header test_data.location = LOCATION; - + run_event_handler(test_data); } @@ -481,7 +481,7 @@ TEST(appid_http_event, handle_msg_header_server) test_data.scan_flags = 0; test_data.http_flows = 0; // Flows are only counted on request header test_data.server = SERVER; - + run_event_handler(test_data); } @@ -492,7 +492,7 @@ TEST(appid_http_event, handle_msg_header_response_code) test_data.scan_flags = 0; test_data.http_flows = 0; // Flows are only counted on request header test_data.response_code = RESPONSE_CODE; - + run_event_handler(test_data); } @@ -503,7 +503,7 @@ TEST(appid_http_event, handle_msg_header_response_code_out_of_range) test_data.scan_flags = 0; test_data.http_flows = 0; // Flows are only counted on request header test_data.response_code = 1000; - + TestData expect_data = test_data; expect_data.response_code = 0; @@ -530,7 +530,7 @@ TEST(appid_http_event, handle_msg_header_all_response_headers) test_data.referer = REFERER; test_data.useragent = USERAGENT; test_data.cookie = COOKIE; - + run_event_handler(test_data, &expect_data); } @@ -554,7 +554,7 @@ TEST(appid_http_event, handle_msg_header_all_request_headers) test_data.response_code = RESPONSE_CODE; test_data.content_type = CONTENT_TYPE; test_data.location = LOCATION; - + run_event_handler(test_data, &expect_data); } diff --git a/src/network_inspectors/binder/binder.cc b/src/network_inspectors/binder/binder.cc index f7455d498..33044da0c 100644 --- a/src/network_inspectors/binder/binder.cc +++ b/src/network_inspectors/binder/binder.cc @@ -521,7 +521,7 @@ int Binder::exec_eval_standby_flow( void* pv ) ++bstats.verdicts[stuff.action]; return 0; } - + int Binder::exec(int operation, void* pv) { switch( operation ) diff --git a/src/pub_sub/http_events.cc b/src/pub_sub/http_events.cc index a4881b903..ea0561356 100644 --- a/src/pub_sub/http_events.cc +++ b/src/pub_sub/http_events.cc @@ -41,7 +41,7 @@ const uint8_t* HttpEvent::get_header(unsigned id, uint64_t sub_id, int32_t& leng const uint8_t* HttpEvent::get_content_type(int32_t& length) { - return get_header(HttpEnums::HTTP_BUFFER_HEADER, + return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_CONTENT_TYPE, length); } @@ -93,13 +93,13 @@ const uint8_t* HttpEvent::get_user_agent(int32_t& length) const uint8_t* HttpEvent::get_via(int32_t& length) { - return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_VIA, + return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_VIA, length); } const uint8_t* HttpEvent::get_x_working_with(int32_t& length) { - return get_header(HttpEnums::HTTP_BUFFER_HEADER, + return get_header(HttpEnums::HTTP_BUFFER_HEADER, HttpEnums::HEAD_X_WORKING_WITH, length); } diff --git a/src/pub_sub/sip_events.cc b/src/pub_sub/sip_events.cc index 4ed375267..890589972 100644 --- a/src/pub_sub/sip_events.cc +++ b/src/pub_sub/sip_events.cc @@ -71,7 +71,7 @@ SipEventMediaSession* SipEvent::next_media_session() { if( !current_media_session ) return nullptr; - + auto session = new SipEventMediaSession(current_media_session); sessions.push_front(session); @@ -97,13 +97,13 @@ SipEventMediaData* SipEventMediaSession::next_media_data() { if( !current_media_data ) return nullptr; - + auto d = new SipEventMediaData(current_media_data); data.push_front(d); - + current_media_data = current_media_data->nextM; - - return d; + + return d; } diff --git a/src/pub_sub/sip_events.h b/src/pub_sub/sip_events.h index b956593f0..2b559ddce 100644 --- a/src/pub_sub/sip_events.h +++ b/src/pub_sub/sip_events.h @@ -44,8 +44,8 @@ class SipEventMediaData { public: SipEventMediaData(SIP_MediaData* data) - { this->data = data; } - + { this->data = data; } + const sfip_t* get_address() const; uint16_t get_port() const; diff --git a/src/search_engines/test/search_tool_test.cc b/src/search_engines/test/search_tool_test.cc index 941cdf59b..99fa6de29 100644 --- a/src/search_engines/test/search_tool_test.cc +++ b/src/search_engines/test/search_tool_test.cc @@ -74,7 +74,7 @@ void LogValue(const char*, const char*, FILE* = stdout) { } -SO_PUBLIC void LogMessage(const char*, ...) +SO_PUBLIC void LogMessage(const char*, ...) { } diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index 24690c7a1..d03a4f7bf 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -1663,7 +1663,7 @@ static DCE2_SmbSsnData* dce2_create_new_smb_session(Packet* p, dce2SmbProtoConf* dce2_smb_sess->sd.wire_pkt = p; dce2_smb_sess->sd.config = (void*)config; } - + return dce2_smb_sess; } @@ -1677,7 +1677,7 @@ static DCE2_SmbSsnData* dce2_handle_smb_session(Packet* p, dce2SmbProtoConf* con { dce2_smb_sess = dce2_create_new_smb_session(p, config); } - + DebugFormat(DEBUG_DCE_SMB, "Session pointer: %p\n", (void*)dce2_smb_sess); return dce2_smb_sess; diff --git a/src/service_inspectors/http_inspect/http_msg_header.cc b/src/service_inspectors/http_inspect/http_msg_header.cc index 8c0bd7525..67eae6a20 100644 --- a/src/service_inspectors/http_inspect/http_msg_header.cc +++ b/src/service_inspectors/http_inspect/http_msg_header.cc @@ -398,7 +398,7 @@ void HttpMsgHeader::setup_utf_decoding() { charset_code = (CharsetCode)substr_to_code(last_token.start, last_token.length, HttpMsgHeadShared::charset_code_opt_list); - if( charset_code != CHARSET_UNKNOWN ) + if ( charset_code != CHARSET_UNKNOWN ) return; } else if ( charset_code == CHARSET_UTF7 ) diff --git a/src/service_inspectors/smtp/smtp_paf.cc b/src/service_inspectors/smtp/smtp_paf.cc index 729c9afaf..49a0464c0 100644 --- a/src/service_inspectors/smtp/smtp_paf.cc +++ b/src/service_inspectors/smtp/smtp_paf.cc @@ -303,7 +303,7 @@ static inline StreamSplitter::Status smtp_paf_client(SmtpPafData* pfdata, case SMTP_PAF_DATA_STATE: if (pfdata->cmd_info.search_id == SMTP_PAF_AUTH_CMD) { - if ( max_auth_command_line_len && + if ( max_auth_command_line_len && (((int)i + pfdata->data_info.boundary_len) > max_auth_command_line_len) && !alert_generated) { diff --git a/src/stream/base/stream_ha.cc b/src/stream/base/stream_ha.cc index 22fc140f5..a3ee4421a 100644 --- a/src/stream/base/stream_ha.cc +++ b/src/stream/base/stream_ha.cc @@ -92,7 +92,7 @@ bool StreamHAClient::consume(Flow*& flow, FlowKey* key, HAMessage* msg) assert(msg); // Is the message long enough to have our content? - if ( ((unsigned)(msg->content_length()) - (unsigned)(msg->cursor - msg->content())) < + if ( ((unsigned)(msg->content_length()) - (unsigned)(msg->cursor - msg->content())) < sizeof(SessionHAContent) ) return false; diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index 507271b87..8761c2494 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -359,7 +359,7 @@ void TcpSession::process_tcp_stream(TcpSegmentDescriptor& tsd) } void TcpSession::check_fin_transition_status(TcpSegmentDescriptor& tsd) { - if((tsd.get_seg_len() != 0) && + if((tsd.get_seg_len() != 0) && SEQ_EQ(listener->get_fin_final_seq(), listener->r_nxt_ack)) { listener->set_tcp_event(TcpStreamTracker::TCP_FIN_RECV_EVENT); diff --git a/src/stream/tcp/tcp_state_established.cc b/src/stream/tcp/tcp_state_established.cc index 3da4897b8..4737cf978 100644 --- a/src/stream/tcp/tcp_state_established.cc +++ b/src/stream/tcp/tcp_state_established.cc @@ -112,8 +112,8 @@ bool TcpStateEstablished::fin_sent(TcpSegmentDescriptor& tsd, TcpStreamTracker& listener = trk.session->client; trk.update_on_fin_sent(tsd); - if( SEQ_EQ(tsd.get_end_seq(), (listener->r_nxt_ack + tsd.get_seg_len())) || listener->process_inorder_fin() - || !listener->is_segment_seq_valid(tsd) ) + if ( SEQ_EQ(tsd.get_end_seq(), (listener->r_nxt_ack + tsd.get_seg_len())) || + listener->process_inorder_fin() || !listener->is_segment_seq_valid(tsd) ) { trk.session->eof_handle(tsd.get_pkt()); trk.set_tcp_state(TcpStreamTracker::TCP_FIN_WAIT1); diff --git a/tools/snort2lua/preprocessor_states/pps_nhttp_inspect_server.cc b/tools/snort2lua/preprocessor_states/pps_nhttp_inspect_server.cc index 083100b63..a12aa7f8b 100644 --- a/tools/snort2lua/preprocessor_states/pps_nhttp_inspect_server.cc +++ b/tools/snort2lua/preprocessor_states/pps_nhttp_inspect_server.cc @@ -163,13 +163,13 @@ bool NHttpInspectServer::convert(std::istringstream& data_stream) else if (!keyword.compare("ascii")) parse_deleted_option("ascii", data_stream); - + else if (!keyword.compare("utf_8")) { table_api.add_diff_option_comment("utf_8", "utf8"); tmpval = parse_yn_bool_option("utf8", data_stream, false); } - + else if (!keyword.compare("u_encode")) { table_api.add_diff_option_comment("u_encode", "percent_u");