byte_jump with from_beginning option jumps too far
When using the from_beginning option byte_jump should jump from the start of the payload and it should not include the number of bytes to read the jump size in it's jump.
Depending on the rule this can lead to both FP and/or FN.
Will Metcalf reported this issue.
Updated by Victor Julien about 11 years ago
- Status changed from Assigned to Closed
commit bed30c30f1b942fb77998fdc3cb239b9dd216f77 Author: Victor Julien <email@example.com> Date: Tue Nov 13 17:49:41 2012 +0100 byte_jump: when from_beginning option is used, the number of bytes to convert should not be used in the jump. Bug 626.