1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
--- a/configure.ac
+++ b/configure.ac
@@ -1109,7 +1109,7 @@
fi
if test -n "$GCC"; then
- CFLAGS="$CFLAGS -Wall"
+ CFLAGS="$CFLAGS -Wall -Wno-unused-but-set-variable"
fi
echo $CFLAGS > cflags.out
--- a/src/spooler.c
+++ b/src/spooler.c
@@ -41,7 +41,10 @@
#include "unified2.h"
#include "util.h"
-
+/**
+ * Missing signature for function defined in decider.c
+ */
+int DecodePacket(int linktype, Packet *p, const struct pcap_pkthdr *pkthdr, const uint8_t *pkt);
/*
** PRIVATE FUNCTIONS
--- a/src/decode.c
+++ b/src/decode.c
@@ -81,8 +81,10 @@
}
}
-int DecodePacket(int linktype, Packet *p, const struct DAQ_PktHdr_t *pkthdr, const uint8_t *pkt)
+int DecodePacket(int linktype, Packet *p, const struct pcap_pkthdr *_pkthdr, const uint8_t *pkt)
{
+ // valid cast as below code only references fields in 'struct pcap_pkthdr'
+ const DAQ_PktHdr_t* pkthdr = (const DAQ_PktHdr_t*)_pkthdr;
DEBUG_WRAP(DebugMessage(DEBUG_DECODE,"Decoding linktype %d\n",linktype););
switch(linktype)
{
--- a/src/output-plugins/spo_log_tcpdump.c
+++ b/src/output-plugins/spo_log_tcpdump.c
@@ -358,10 +357,7 @@
}
}
-static INLINE size_t SizeOf (const struct pcap_pkthdr *pkth)
-{
- return PCAP_PKT_HDR_SZ + pkth->caplen;
-}
+#define SizeOf(pkth) (PCAP_PKT_HDR_SZ + pkth->caplen)
static void LogTcpdumpSingle(Packet *p, void *event, uint32_t event_type, void *arg)
{
@@ -388,7 +384,7 @@
// else if ( data->size + dumpSize > data->limit )
// TcpdumpRollLogFile(data);
- pcap_dump((u_char *)data->dumpd, p->pkth, p->pkt);
+ pcap_dump((u_char *)data->dumpd, (const struct pcap_pkthdr *)p->pkth, p->pkt);
data->size += dumpSize;
if (!BcLineBufferedLogging())
--- a/src/output-plugins/spo_database_cache.c
+++ b/src/output-plugins/spo_database_cache.c
@@ -5298,7 +5298,7 @@
{
sigSeq = cacheLookup->obj.db_sig_id;
databasemaxSeq = 0;
- memset(sigRefArr,'\0',MAX_REF_OBJ);
+ memset(sigRefArr,'\0',MAX_REF_OBJ * sizeof(u_int32_t));
}
if(dbSignatureReferenceLookup(&cacheLookup->obj,tempCache,&rNode,1))
--- a/src/output-plugins/spo_alert_unixsock.c
+++ b/src/output-plugins/spo_alert_unixsock.c
@@ -251,8 +251,9 @@
alertpkt.pkth.caplen > PKT_SNAPLEN ? PKT_SNAPLEN : alertpkt.pkth.caplen);
}
else
+ {
alertpkt.val|=NOPACKET_STRUCT;
-
+ }
sn = GetSigByGidSid(ntohl(((Unified2EventCommon *)event)->generator_id),
ntohl(((Unified2EventCommon *)event)->signature_id),
ntohl(((Unified2EventCommon *)event)->signature_revision));
|