Bug #626: byte_jump with from_beginning option jumps too far - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #626

closed

byte_jump with from_beginning option jumps too far

Added by Victor Julien over 11 years ago. Updated over 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

1.3.4

Affected Versions:

Effort:

Difficulty:

Label:

Description

When using the from_beginning option byte_jump should jump from the start of the payload and it should not include the number of bytes to read the jump size in it's jump.

Depending on the rule this can lead to both FP and/or FN.

Will Metcalf reported this issue.

Subtasks 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Updated by Victor Julien over 11 years ago

Status changed from Assigned to Closed

Fixed by:

commit bed30c30f1b942fb77998fdc3cb239b9dd216f77
Author: Victor Julien <victor@inliniac.net>
Date:   Tue Nov 13 17:49:41 2012 +0100

    byte_jump: when from_beginning option is used, the number of bytes to convert should not be used in the jump. Bug 626.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #626

byte_jump with from_beginning option jumps too far

Updated by Victor Julien over 11 years ago