Unknown keyword '' in rule! (BUG?)

[Alejandro Flores <alejandrorflores () gmail com>]

Hello,

I don't know if this was checked before, but...
If a rule has an additional ';' snort will fail with:
Unknown keyword '' in rule!
example:
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SCAN FIN";
flags:F,12; flow:stateless; reference:arachnids,27;
classtype:attempted-recon; sid:621; ; rev:6;)
IMHO, snort must check if the option is not null, before it attempt to
discover what kind of option is that. If snort can't parse a rule, it
should warn the user and discard that rule only, and not fail.
I'm not an expert C programmer, but I think it's very easy to fix it
in 'parsec.c' function ParseRuleOptions.

Regards,
Alejandro Flores


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users