Changeset 489

Timestamp:

05/16/09 11:07:10 (16 months ago)

Author:

mbr

Message:

Bug fix to allow fwsnort to properly translate snort rules that have
"content" fields with embedded escaped semicolons (e.g. "\;"). This
allows fwsnort to translate about 85 additional rules from the Emerging
Threats rule set.

Location:

fwsnort/trunk

Files:

• ChangeLog (modified) (1 diff)
• fwsnort (modified) (1 diff)

fwsnort/trunk/ChangeLog

@@ -8 +8 @@
       the content can be limited. If the content (null terminated string) is
       more than MAX_STRING_LEN chars, fwsnort throws the rule away.
+    - Bug fix to allow fwsnort to properly translate snort rules that have
+      "content" fields with embedded escaped semicolons (e.g. "\;").  This
+      allows fwsnort to translate about 85 additional rules from the Emerging
+      Threats rule set.
     - Updated to the latest complete rule set from Emerging Threats (see
       http://www.emergingthreats.net/).

fwsnort/trunk/fwsnort

@@ -936 +936 @@
     }
 
-    while ($rule_options =~ /(\w+):\s*(.*?)\s*;/g) {
+    while ($rule_options =~ /(\w+):\s*(.*?[^\x5c]);/g) {
         my $opt = $1;
         my $val = $2;