Re: snort unaligned traps
Go ahead and hack at it. Just send whatever patches that you come up with
to either the maintainer or someone that's comfy with the architecture for
review (I'll volunteer here)...or both. When it comes to security stuff,
I usually like having an extra pair of eyes looking over patches,
On Sat, 9 Feb 2002, Michael Stroucken wrote:
> I did some further investigation of this, and it seems that in
> decode.c:1212,1194,1050,1080 the trap occurs when iph is dereferenced.
> The packet structure is a bunch of bitfields, not declared integer.
> Furthermore, the code ends up redefining stuff like u_int8_t (should it be
> using those at all, not uint8?).
> Since I don't know too much about the source of snort itself, and
> it is a security package, I'd rather not hack on it.
> "I'm not just a server, but I'm also a client." Debian GNU/Linux
> Michael Stroucken email@example.com Is your penguin 64 bit?
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com