Make sure there's room for the full alert id in json alerts #1487

Merged
atomicturtle merged 1 commit into ossec:master from ddpbsd:alertid_fix
Aug 6, 2018
ddpbsd (Member) commented Aug 3, 2018

From gandalfn in wazuh pull request #1052:

> When writing the rule id in the json alerts file, the id is truncated and can be non-unique during intensive alert generation.
> This is due to the snprintf buffer size, which is too small to store the id. Indeed, the id is composed of two long ints (timestamp and log offset), so the size can be up to 21 characters (10 digits for both timestamp and offset + the dot).
> The fix sets the id buffer to the correct size, and the snprintf max size.

https://github.com/wazuh/wazuh/pull/1052

I'm not positive this affects us, but it probably doesn't hurt.

atomicturtle merged commit 813484e into ossec:master on Aug 6, 2018
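The truncation described in the quoted report, as an added example that is not code from this pull request or from OSSEC: two alerts sharing a timestamp but differing in the last digit of the log offset get the same id string when the `snprintf` buffer is too small. The function names, the 16-byte "small" size and the sample values are assumptions made for illustration; the 22-byte size follows the 21 characters given in the report plus the terminating NUL.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes: the page does not state the original buffer size. */
#define SMALL_ID_LEN 16  /* assumed undersized buffer */
#define FULL_ID_LEN  22  /* 10 digits + '.' + 10 digits + NUL, per the report */

/* Write "<timestamp>.<offset>" into buf.
 * Returns 0 if the id fit, -1 if snprintf truncated it: a return value
 * >= size means the full string did not fit, whatever size was chosen. */
static int format_alert_id(char *buf, size_t size, long timestamp, long offset)
{
    int n = snprintf(buf, size, "%ld.%ld", timestamp, offset);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Returns 1 if two alerts with the same timestamp but different offsets
 * produce the same id string in a buffer of the given size. */
static int ids_collide(size_t size, long timestamp, long off_a, long off_b)
{
    char a[64], b[64];
    if (size > sizeof(a))
        size = sizeof(a);
    format_alert_id(a, size, timestamp, off_a);
    format_alert_id(b, size, timestamp, off_b);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample values, not taken from a real alert log. */
    long ts = 1533254400L;
    long off_a = 1234567890L, off_b = 1234567891L;
    char id[FULL_ID_LEN];

    printf("small buffer collides: %d\n",
           ids_collide(SMALL_ID_LEN, ts, off_a, off_b));
    printf("full buffer collides:  %d\n",
           ids_collide(FULL_ID_LEN, ts, off_a, off_b));
    if (format_alert_id(id, sizeof(id), ts, off_a) == 0)
        printf("full id: %s\n", id);
    return 0;
}
```

Checking the `snprintf` return value, as `format_alert_id` does, reports a truncated id even if a value ever needs more digits than the buffer was sized for.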