Project

General

Profile

Actions

Bug #4091

closed

byte_math: Offset is a signed value

Added by Jeff Lucovsky about 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The Snort documentation defines the "offset_value" for byte_math to be a signed value.

Suricata uses an unsigned value:

    uint16_t offset; // struct DetectByteMathData_

    if (ByteExtractStringUint16(&bmd->offset, 10, strlen(tmp_str), (const char *)tmp_str) < 0) {

Actions

Also available in: Atom PDF