bugzilla-daemon@bugzilla.netfilter.org
2006-Aug-17 05:36 UTC
[Bug 501] New: Boyer Moore textsearch fails to match text at certain offsets
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=501

           Summary: Boyer Moore textsearch fails to match text at certain offsets
           Product: netfilter/iptables
           Version: linux-2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ip_tables (kernel)
        AssignedTo: laforge@netfilter.org
        ReportedBy: mbr@cipherdyne.org

The compute_prefix_tbl() function in lib/ts_bm.c is called before bm->pattern is initialized, and this results in the following issue. If the rule below is put within the OUTPUT chain (note the slightly pattern "aaabbbccc"):

    iptables -I OUTPUT -p tcp --dport 80 -m string --string "aaabbbccc" --algo bm -j LOG --log-prefix "bm "

...then issuing the following commands fails to match the rule (no log message is generated):

    echo "1aaabbbccc" |nc <someserver> 80
    echo "12aaabbbccc" |nc <someserver> 80
    echo "1234aaabbbccc" |nc <someserver> 80

...but these do match:

    echo "aaabbbccc" |nc <someserver> 80
    echo "123aaabbbccc" |nc <someserver> 80
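Added example, not part of the bug report and not the kernel's lib/ts_bm.c: a simplified user-space Horspool matcher showing how a shift table built before the pattern buffer is filled makes matching depend on where the pattern sits in the payload. The zeroed stale buffer, the `table_first` switch and all function names are assumptions for illustration; the model shows the mechanism and a sweep-all-offsets regression check, not the exact offsets listed in the report.

```c
#include <stdio.h>
#include <string.h>

/* Simplified Horspool matcher (bad-character table only); NOT lib/ts_bm.c. */
struct matcher {
    unsigned char pattern[32];
    size_t patlen, bad_shift[256];
};

/* Build the skip table from whatever m->pattern currently holds. */
static void build_table(struct matcher *m) {
    for (size_t i = 0; i < 256; i++)
        m->bad_shift[i] = m->patlen;
    for (size_t i = 0; i + 1 < m->patlen; i++)
        m->bad_shift[m->pattern[i]] = m->patlen - 1 - i;
}

/* table_first != 0 models the init-order bug: table built before the copy. */
static void matcher_init(struct matcher *m, const char *pat, int table_first) {
    memset(m, 0, sizeof(*m));   /* assumption: the stale buffer is all zeros */
    m->patlen = strlen(pat);    /* caller keeps patterns under 32 bytes */
    if (table_first) build_table(m);
    memcpy(m->pattern, pat, m->patlen);
    if (!table_first) build_table(m);
}

static int matcher_find(const struct matcher *m, const char *text, size_t len) {
    for (size_t pos = 0; pos + m->patlen <= len;
         pos += m->bad_shift[(unsigned char)text[pos + m->patlen - 1]])
        if (memcmp(text + pos, m->pattern, m->patlen) == 0) return 1;
    return 0;
}

/* Prefix pat with 0..max_off filler bytes; return a bitmask of missed offsets. */
static unsigned sweep_misses(const char *pat, int table_first, size_t max_off) {
    struct matcher m;
    char buf[128];              /* constructed payload: '1' filler + pattern */
    unsigned missed = 0;
    matcher_init(&m, pat, table_first);
    for (size_t off = 0; off <= max_off; off++) {
        memset(buf, '1', off);
        memcpy(buf + off, pat, m.patlen);
        if (!matcher_find(&m, buf, off + m.patlen)) missed |= 1u << off;
    }
    return missed;
}

int main(void) {
    printf("correct order misses: 0x%x\n", sweep_misses("aaabbbccc", 0, 9));
    printf("table-first misses:   0x%x\n", sweep_misses("aaabbbccc", 1, 9));
    return 0;
}
```

A sweep like this, run against the real matcher, is the kind of regression test that catches offset-dependent misses before a string rule is relied on for logging or filtering.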