Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Bump Package Config XML file versions for Snort to 2.5.5 and fix one bug #424

Merged
merged 2 commits into from

2 participants

@bmeeks8

Change Log

Update Snort package version in the pkg_config.8.xml and pkg_config.8.xml.amd64 master package configuration files to version 2.5.5. Forgot to do this with the last push of new Snort package.

Fix longstanding bug in the enable/disable SID code that allows users to override default rules states by SID. The code was not actually changing the marked SIDs because an improperly constructed array was causing a match attempt to fail. This bug was reported again on the forums today, so I investigated. I was previously not aware it was not working properly. This has been broken since probably at least package version 2.5.3.

@bmeeks8

Fix a bug in the code for forced enabling or disabling of specific rules by SID that has existed from version 2.5.3. The code reading and parsing the SID values persisted in the configuration file was constructing an inappropriate array for the type of "in_arrary()" search being performed by the "snort_modify_sids()" function.

@cbuechler cbuechler merged commit 1197f1c into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
View
19 config/snort/snort.inc
@@ -1457,9 +1457,17 @@ function snort_load_sid_mods($sids, $value) {
/* This function parses the string of */
/* SID values in $sids and returns an */
/* array with the SID as the key and */
- /* passed $value as the value. The SID */
- /* values in $sids are assumed to be */
- /* delimited by "||". */
+ /* value. The SID values in $sids are */
+ /* assumed to be delimited by "||". */
+ /* */
+ /* $sids ==> string of SID values from */
+ /* saved config file. */
+ /* */
+ /* $value ==> type of mod (enable or */
+ /* disable). Not currently */
+ /* utilized, but maintained */
+ /* so as not to break legacy */
+ /* code elsewhere. */
/*****************************************/
$result = array();
@@ -1468,7 +1476,7 @@ function snort_load_sid_mods($sids, $value) {
$tmp = explode("||", $sids);
foreach ($tmp as $v) {
if (preg_match('/\s\d+/', $v, $match))
- $result[trim($match[0])] = $value;
+ $result[trim($match[0])] = trim($match[0]);
}
unset($tmp);
@@ -1513,14 +1521,13 @@ function snort_modify_sids(&$rule_map, $snortcfg) {
if (!empty($disablesid)) {
foreach ($rule_map as $k1 => $rulem) {
foreach ($rulem as $k2 => $v) {
- if (in_array($k2, $disablesid) && $v['disabled'] == 0) {
+ if (in_array($k2, $disablesid) && $v['disabled'] == 0) {
$rule_map[$k1][$k2]['rule'] = "# " . $v['rule'];
$rule_map[$k1][$k2]['disabled'] = 1;
}
}
}
}
-
unset($enablesid, $disablesid);
}
View
2  pkg_config.8.xml
@@ -512,7 +512,7 @@
<!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. -->
<build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_UNSET=TARGETBASED PERFPROFILE REACT;snort_SET=DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITHOUT_TARGETBASED=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITHOUT_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.4.1 pkg v. 2.5.4</version>
+ <version>2.9.4.1 pkg v. 2.5.5</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
View
2  pkg_config.8.xml.amd64
@@ -499,7 +499,7 @@
<!-- Use both styles for now, since our snort port isn't yet optionsng, but barnyard2 and others are. -->
<build_options>barnyard2_UNSET=ODBC PGSQL PRELUDE;barnyard2_SET=GRE IPV6 MPLS MYSQL;snort_UNSET=TARGETBASED PERFPROFILE REACT;snort_SET=DECODERPRE FLEXRESP3 GRE IPV6 MPLS NORMALIZER ZLIB;perl_SET=THREADS;WITH_THREADS=yes;WITH_IPV6=true;WITH_MPLS=true;WITH_GRE=true;WITHOUT_TARGETBASED=true;WITH_DECODERPRE=true;WITH_ZLIB=true;WITH_NORMALIZER=true;WITHOUT_REACT=true;WITH_FLEXRESP3=true;WITHOUT_ODBC=true;WITHOUT_POSTGRESQL=true;WITHOUT_PRELUDE=true;NOPORTDOCS=true</build_options>
<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
- <version>2.9.4.1 pkg v. 2.5.4</version>
+ <version>2.9.4.1 pkg v. 2.5.5</version>
<required_version>2.0</required_version>
<status>Stable</status>
<configurationfile>/snort.xml</configurationfile>
Something went wrong with that request. Please try again.