Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GH-208: change invalid subnet expressions to a runtime error

Browse source 
Rather than abort.
This commit is contained in:
Jon Siwek 2019-01-30 12:01:46 -06:00
parent 67484a90fa
commit 01a8418d79
4 changed files with 65 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/Expr.cc
View file

@ -1795,7 +1795,20 @@ Val* DivideExpr::AddrFold(Val* v1, Val* v2) const
else else
mask = static_cast<uint32>(v2->InternalInt()); mask = static_cast<uint32>(v2->InternalInt());
return new SubNetVal(v1->AsAddr(), mask); auto& a = v1->AsAddr();
if ( a.GetFamily() == IPv4 )
{
if ( mask > 32 )
RuntimeError(fmt("bad IPv4 subnet prefix length: %" PRIu32, mask));
}
else
{
if ( mask > 128 )
RuntimeError(fmt("bad IPv6 subnet prefix length: %" PRIu32, mask));
}
return new SubNetVal(a, mask);
} }
IMPLEMENT_SERIAL(DivideExpr, SER_DIVIDE_EXPR); IMPLEMENT_SERIAL(DivideExpr, SER_DIVIDE_EXPR);

30
src/IPAddr.cc
View file

@ -216,7 +216,10 @@ IPPrefix::IPPrefix(const in4_addr& in4, uint8_t length)
: prefix(in4), length(96 + length) : prefix(in4), length(96 + length)
{ {
if ( length > 32 ) if ( length > 32 )
reporter->InternalError("Bad in4_addr IPPrefix length : %d", length); {
reporter->Error("Bad in4_addr IPPrefix length : %d", length);
this->length = 0;
}
prefix.Mask(this->length); prefix.Mask(this->length);
} }
@ -225,7 +228,10 @@ IPPrefix::IPPrefix(const in6_addr& in6, uint8_t length)
: prefix(in6), length(length) : prefix(in6), length(length)
{ {
if ( length > 128 ) if ( length > 128 )
reporter->InternalError("Bad in6_addr IPPrefix length : %d", length); {
reporter->Error("Bad in6_addr IPPrefix length : %d", length);
this->length = 0;
}
prefix.Mask(this->length); prefix.Mask(this->length);
} }
@ -236,19 +242,23 @@ IPPrefix::IPPrefix(const IPAddr& addr, uint8_t length, bool len_is_v6_relative)
if ( prefix.GetFamily() == IPv4 && ! len_is_v6_relative ) if ( prefix.GetFamily() == IPv4 && ! len_is_v6_relative )
{ {
if ( length > 32 ) if ( length > 32 )
reporter->InternalError("Bad IPAddr(v4) IPPrefix length : %d", {
length); reporter->Error("Bad IPAddr(v4) IPPrefix length : %d", length);
this->length = 0;
this->length = length + 96; }
else
this->length = length + 96;
} }
else else
{ {
if ( length > 128 ) if ( length > 128 )
reporter->InternalError("Bad IPAddr(v6) IPPrefix length : %d", {
length); reporter->Error("Bad IPAddr(v6) IPPrefix length : %d", length);
this->length = 0;
this->length = length; }
else
this->length = length;
} }
prefix.Mask(this->length); prefix.Mask(this->length);

5
testing/btest/Baseline/language.subnet-errors/out Normal file
View file

@ -0,0 +1,5 @@
expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.subnet-errors/subnet-errors.bro, line 9: bad IPv4 subnet prefix length: 33 (1.2.3.4 / i)
expression error in /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.subnet-errors/subnet-errors.bro, line 18: bad IPv6 subnet prefix length: 129 (:: / i)
1.2.3.4/32
::/128
init last

26
testing/btest/language/subnet-errors.bro Normal file
View file

@ -0,0 +1,26 @@
# @TEST-EXEC: bro -b %INPUT >out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
event bro_init()
{
local i = 32;
print 1.2.3.4/i;
++i;
print 1.2.3.4/i;
print "init 1";
}
event bro_init()
{
local i = 128;
print [::]/i;
++i;
print [::]/i;
print "init 1";
}
event bro_init() &priority=-10
{
print "init last";
}