diff --git a/CHANGES b/CHANGES index 60f6c515e2..4dafe93f43 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,47 @@ +2.3-278 | 2014-11-03 18:55:18 -0800 + + * Add new curves from draft-ietf-tls-negotiated-ff-dhe to SSL + analysis. (Johanna Amann) + +2.3-274 | 2014-10-31 17:45:25 -0700 + + * Adding call to new binpac::init() function. (Robin Sommer) + +2.3-272 | 2014-10-31 16:29:42 -0700 + + * Fix segfault if when statement's RHS is unitialized. Addresses + BIT-1176. (Jon Siwek) + + * Fix checking vector indices via "in". Addresses BIT-1280. (Jon + Siwek) + +2.3-268 | 2014-10-31 12:12:22 -0500 + + * BIT-1283: Fix crash when using &encrypt. (Jon Siwek) + +2.3-267 | 2014-10-31 10:35:02 -0500 + + * BIT-1284: Allow arbitrary when statement timeout expressions + (Jon Siwek) + +2.3-266 | 2014-10-31 09:21:28 -0500 + + * BIT-1166: Add configure options to fine tune local state dirs used + by BroControl. (Jon Siwek) + +2.3-264 | 2014-10-30 13:25:57 -0500 + + * Fix some minor Coverity Scan complaints. (Jon Siwek) + +2.3-263 | 2014-10-28 15:09:10 -0500 + + * Fix checking of fwrite return values (Johanna Amann) + +2.3-260 | 2014-10-27 12:54:17 -0500 + + * Fix errors/warnings when compiling with -std=c++11 (Jon Siwek) + 2.3-259 | 2014-10-27 10:04:04 -0500 * Documentation fixes. (Vicente Jimenez Aguilar and Stefano Azzalini) diff --git a/VERSION b/VERSION index 2ca780950f..5dd2c9f17c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.3-259 +2.3-278 diff --git a/aux/binpac b/aux/binpac index c8e017b4b1..77a86591dc 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit c8e017b4b1893cf254fc2bc8eedd86b852a2e654 +Subproject commit 77a86591dcf89d7252d3676d3f1199d6c927d073 diff --git a/aux/broctl b/aux/broctl index 2b13bfcc94..39e865dec9 160000 --- a/aux/broctl +++ b/aux/broctl @@ -1 +1 @@ -Subproject commit 2b13bfcc941018c76f74b81a6e74e5e4e723c747 +Subproject commit 39e865dec9611b9b53b609cbc8df519cebae0a1e diff --git a/configure b/configure index 5747586db8..2b1c568b26 100755 --- a/configure +++ b/configure @@ -24,6 +24,13 @@ Usage: $0 [OPTION]... [VAR=VALUE]... --prefix=PREFIX installation directory [/usr/local/bro] --scriptdir=PATH root installation directory for Bro scripts [PREFIX/share/bro] + --localstatedir=PATH when using BroControl, path to store log files + and run-time data (within log/ and spool/ subdirs) + [PREFIX] + --spooldir=PATH when using BroControl, path to store run-time data + [PREFIX/spool] + --logdir=PATH when using BroControl, path to store log file + [PREFIX/logs] --conf-files-dir=PATH config files installation directory [PREFIX/etc] Optional Features: @@ -144,6 +151,15 @@ while [ $# -ne 0 ]; do append_cache_entry BRO_ETC_INSTALL_DIR PATH $optarg user_set_conffilesdir="true" ;; + --localstatedir=*) + append_cache_entry BRO_LOCAL_STATE_DIR PATH $optarg + ;; + --spooldir=*) + append_cache_entry BRO_SPOOL_DIR PATH $optarg + ;; + --logdir=*) + append_cache_entry BRO_LOG_DIR PATH $optarg + ;; --enable-debug) append_cache_entry ENABLE_DEBUG BOOL true ;; diff --git a/pkg/make-deb-packages b/pkg/make-deb-packages index 432de8336a..0a435a756f 100755 --- a/pkg/make-deb-packages +++ b/pkg/make-deb-packages @@ -16,6 +16,7 @@ the 'dpkg-dev' package, please install it first. } prefix=/opt/bro +localstatedir=/var/opt/bro # During the packaging process, `dpkg-shlibs` will fail if used on a library # that links to other internal/project libraries unless an RPATH is used or @@ -31,7 +32,7 @@ cd .. ( cd build && make package ) # Full Bro package -./configure --prefix=${prefix} --pkg-name-prefix=Bro --binary-package +./configure --prefix=${prefix} --localstatedir=${localstatedir} --pkg-name-prefix=Bro --binary-package ( cd build && make package ) # Broccoli @@ -42,6 +43,6 @@ cd ../.. # Broctl cd aux/broctl -./configure --prefix=${prefix} --binary-package +./configure --prefix=${prefix} --localstatedir=${localstatedir} --binary-package ( cd build && make package && mv *.deb ../../../build/ ) cd ../.. diff --git a/pkg/make-rpm-packages b/pkg/make-rpm-packages index 9560cc80ff..43b962f417 100755 --- a/pkg/make-rpm-packages +++ b/pkg/make-rpm-packages @@ -15,6 +15,7 @@ the 'rpm-build' package, please install it first. } prefix=/opt/bro +localstatedir=/var/opt/bro cd .. @@ -24,7 +25,7 @@ cd .. ( cd build && make package ) # Full Bro package -./configure --prefix=${prefix} --pkg-name-prefix=Bro --binary-package +./configure --prefix=${prefix} --localstatedir=${localstatedir} --pkg-name-prefix=Bro --binary-package ( cd build && make package ) # Broccoli @@ -35,6 +36,6 @@ cd ../.. # Broctl cd aux/broctl -./configure --prefix=${prefix} --binary-package +./configure --prefix=${prefix} --localstatedir=${localstatedir} --binary-package ( cd build && make package && mv *.rpm ../../../build/ ) cd ../.. diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.bro index 54952988f0..278a2a37ae 100644 --- a/scripts/base/protocols/ssl/consts.bro +++ b/scripts/base/protocols/ssl/consts.bro @@ -158,6 +158,12 @@ export { [26] = "brainpoolP256r1", [27] = "brainpoolP384r1", [28] = "brainpoolP512r1", + # draft-ietf-tls-negotiated-ff-dhe-02 + [256] = "ffdhe2432", + [257] = "ffdhe3072", + [258] = "ffdhe4096", + [259] = "ffdhe6144", + [260] = "ffdhe8192", [0xFF01] = "arbitrary_explicit_prime_curves", [0xFF02] = "arbitrary_explicit_char2_curves" } &default=function(i: count):string { return fmt("unknown-%d", i); }; diff --git a/src/Brofiler.cc b/src/Brofiler.cc index 777be52217..e7d8c8fdeb 100644 --- a/src/Brofiler.cc +++ b/src/Brofiler.cc @@ -96,7 +96,7 @@ bool Brofiler::WriteStats() map, uint64 >::const_iterator it; for ( it = usage_map.begin(); it != usage_map.end(); ++it ) { - fprintf(f, "%"PRIu64"%c%s%c%s\n", it->second, delim, + fprintf(f, "%" PRIu64"%c%s%c%s\n", it->second, delim, it->first.first.c_str(), delim, it->first.second.c_str()); } diff --git a/src/DNS_Mgr.cc b/src/DNS_Mgr.cc index 2c049ba803..11fd258d09 100644 --- a/src/DNS_Mgr.cc +++ b/src/DNS_Mgr.cc @@ -214,7 +214,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) char req_buf[512+1], name_buf[512+1]; int is_req_host; - if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %"PRIu32, &creation_time, + if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %" PRIu32, &creation_time, &is_req_host, req_buf, &failed, name_buf, &map_type, &num_addrs, &req_ttl) != 8 ) return; @@ -360,7 +360,7 @@ void DNS_Mapping::Clear() void DNS_Mapping::Save(FILE* f) const { - fprintf(f, "%.0f %d %s %d %s %d %d %"PRIu32"\n", creation_time, req_host != 0, + fprintf(f, "%.0f %d %s %d %s %d %d %" PRIu32"\n", creation_time, req_host != 0, req_host ? req_host : req_addr.AsString().c_str(), failed, (names && names[0]) ? names[0] : "*", map_type, num_addrs, req_ttl); diff --git a/src/Expr.cc b/src/Expr.cc index 4a29c11cb5..c7ea906865 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -636,7 +636,7 @@ Val* BinaryExpr::Eval(Frame* f) const return v_result; } - if ( is_vec1 || is_vec2 ) + if ( IsVector(Type()->Tag()) && (is_vec1 || is_vec2) ) { // fold vector against scalar VectorVal* vv = (is_vec1 ? v1 : v2)->AsVectorVal(); VectorVal* v_result = new VectorVal(Type()->AsVectorType()); @@ -4703,8 +4703,14 @@ Val* InExpr::Fold(Val* v1, Val* v2) const v2->Type()->Tag() == TYPE_SUBNET ) return new Val(v2->AsSubNetVal()->Contains(v1->AsAddr()), TYPE_BOOL); - TableVal* vt = v2->AsTableVal(); - if ( vt->Lookup(v1, false) ) + Val* res; + + if ( is_vector(v2) ) + res = v2->AsVectorVal()->Lookup(v1); + else + res = v2->AsTableVal()->Lookup(v1, false); + + if ( res ) return new Val(1, TYPE_BOOL); else return new Val(0, TYPE_BOOL); diff --git a/src/File.cc b/src/File.cc index bf6a7e7f51..e62ca732cd 100644 --- a/src/File.cc +++ b/src/File.cc @@ -527,7 +527,7 @@ void BroFile::SetAttrs(Attributes* arg_attrs) if ( ef->AttrExpr() ) InitEncrypt(ef->AttrExpr()->ExprVal()->AsString()->CheckString()); else - InitEncrypt(log_encryption_key->AsString()->CheckString()); + InitEncrypt(opt_internal_string("log_encryption_key")->CheckString()); } if ( attrs->FindAttr(ATTR_RAW_OUTPUT) ) @@ -708,10 +708,10 @@ void BroFile::InitEncrypt(const char* keyfile) secret_len = htonl(secret_len); - if ( ! (fwrite("BROENC1", 7, 1, f) && - fwrite(&secret_len, sizeof(secret_len), 1, f) && - fwrite(secret, ntohl(secret_len), 1, f) && - fwrite(iv, iv_len, 1, f)) ) + if ( fwrite("BROENC1", 7, 1, f) < 1 || + fwrite(&secret_len, sizeof(secret_len), 1, f) < 1 || + fwrite(secret, ntohl(secret_len), 1, f) < 1 || + fwrite(iv, iv_len, 1, f) < 1 ) { reporter->Error("can't write header to log file %s: %s", name, strerror(errno)); @@ -736,7 +736,7 @@ void BroFile::FinishEncrypt() int outl; EVP_SealFinal(cipher_ctx, cipher_buffer, &outl); - if ( outl && ! fwrite(cipher_buffer, outl, 1, f) ) + if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 ) { reporter->Error("write error for %s: %s", name, strerror(errno)); @@ -777,7 +777,7 @@ int BroFile::Write(const char* data, int len) return 0; } - if ( outl && ! fwrite(cipher_buffer, outl, 1, f) ) + if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 ) { reporter->Error("write error for %s: %s", name, strerror(errno)); @@ -792,8 +792,7 @@ int BroFile::Write(const char* data, int len) return 1; } - len = fwrite(data, 1, len, f); - if ( len <= 0 ) + if ( fwrite(data, len, 1, f) < 1 ) return false; if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size ) diff --git a/src/Flare.cc b/src/Flare.cc index dcb5fa2c1f..5df6d663aa 100644 --- a/src/Flare.cc +++ b/src/Flare.cc @@ -22,7 +22,7 @@ static void bad_pipe_op(const char* which) void Flare::Fire() { - char tmp; + char tmp = 0; for ( ; ; ) { diff --git a/src/H3.h b/src/H3.h index 321fda924b..3b4b9ee539 100644 --- a/src/H3.h +++ b/src/H3.h @@ -110,7 +110,7 @@ public: T result = 0; // loop optmized with Duff's Device - register unsigned n = (size + 7) / 8; + unsigned n = (size + 7) / 8; switch ( size % 8 ) { case 0: do { result ^= byte_lookup[offset++][*p++]; case 7: result ^= byte_lookup[offset++][*p++]; diff --git a/src/Reassem.cc b/src/Reassem.cc index 27fb26561f..1ad0cb2717 100644 --- a/src/Reassem.cc +++ b/src/Reassem.cc @@ -182,7 +182,7 @@ DataBlock* Reassembler::AddAndCheck(DataBlock* b, uint64 seq, uint64 upper, { if ( DEBUG_reassem ) { - DEBUG_MSG("%.6f Reassembler::AddAndCheck seq=%"PRIu64", upper=%"PRIu64"\n", + DEBUG_MSG("%.6f Reassembler::AddAndCheck seq=%" PRIu64", upper=%" PRIu64"\n", network_time, seq, upper); } diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index b475c4a8cc..9756e0b0ae 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -707,7 +707,7 @@ RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip, const size_t BUFSIZE = 1024; char* data = new char[BUFSIZE]; snprintf(data, BUFSIZE, - "%"PRI_PTR_COMPAT_UINT",%s,%s,%"PRIu16",%"PRIu32",%d", p->id, + "%" PRI_PTR_COMPAT_UINT",%s,%s,%" PRIu16",%" PRIu32",%d", p->id, ip.AsString().c_str(), zone_id.c_str(), port, uint32(retry), use_ssl); @@ -1267,7 +1267,7 @@ bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl, const size_t BUFSIZE = 1024; char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%"PRIu16",%d,%d,%s,%"PRIu32, + snprintf(data, BUFSIZE, "%s,%" PRIu16",%d,%d,%s,%" PRIu32, ip.AsString().c_str(), port, expect_ssl, ipv6, zone_id.c_str(), (uint32) retry); @@ -4075,7 +4075,7 @@ bool SocketComm::Connect(Peer* peer) const size_t BUFSIZE = 1024; char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%"PRIu32, peer->ip.AsString().c_str(), + snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), peer->port); if ( ! SendToParent(MSG_CONNECTED, peer, data) ) @@ -4190,7 +4190,7 @@ bool SocketComm::Listen() setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0 ) Error(fmt("can't set IPV6_V6ONLY, %s", strerror(errno))); - if ( bind(fd, res->ai_addr, res->ai_addrlen) < 0 ) + if ( ::bind(fd, res->ai_addr, res->ai_addrlen) < 0 ) { Error(fmt("can't bind to %s:%s, %s", l_addr_str.c_str(), port_str, strerror(errno))); @@ -4287,7 +4287,7 @@ bool SocketComm::AcceptConnection(int fd) const size_t BUFSIZE = 1024; char* data = new char[BUFSIZE]; - snprintf(data, BUFSIZE, "%s,%"PRIu32, peer->ip.AsString().c_str(), + snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(), peer->port); if ( ! SendToParent(MSG_CONNECTED, peer, data) ) diff --git a/src/SerializationFormat.cc b/src/SerializationFormat.cc index 6a133d64e4..58935fe175 100644 --- a/src/SerializationFormat.cc +++ b/src/SerializationFormat.cc @@ -541,19 +541,19 @@ bool XMLSerializationFormat::Write(uint16 v, const char* tag) bool XMLSerializationFormat::Write(uint32 v, const char* tag) { - const char* tmp = fmt("%"PRIu32, v); + const char* tmp = fmt("%" PRIu32, v); return WriteElem(tag, "uint32", tmp, strlen(tmp)); } bool XMLSerializationFormat::Write(uint64 v, const char* tag) { - const char* tmp = fmt("%"PRIu64, v); + const char* tmp = fmt("%" PRIu64, v); return WriteElem(tag, "uint64", tmp, strlen(tmp)); } bool XMLSerializationFormat::Write(int64 v, const char* tag) { - const char* tmp = fmt("%"PRId64, v); + const char* tmp = fmt("%" PRId64, v); return WriteElem(tag, "int64", tmp, strlen(tmp)); } diff --git a/src/Sessions.cc b/src/Sessions.cc index 43e55dd95a..ffc2baf944 100644 --- a/src/Sessions.cc +++ b/src/Sessions.cc @@ -544,7 +544,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr, if ( proto_typ != 0x0800 && proto_typ != 0x86dd ) { // Not IPv4/IPv6 payload. - Weird(fmt("unknown_gre_protocol_%"PRIu16, proto_typ), ip_hdr, + Weird(fmt("unknown_gre_protocol_%" PRIu16, proto_typ), ip_hdr, encapsulation); return; } diff --git a/src/Stats.cc b/src/Stats.cc index 6cf9a622e1..01ca0a41d3 100644 --- a/src/Stats.cc +++ b/src/Stats.cc @@ -160,7 +160,7 @@ void ProfileLogger::Log() file->Write(fmt("%.06f Connections expired due to inactivity: %d\n", network_time, killed_by_inactivity)); - file->Write(fmt("%.06f Total reassembler data: %"PRIu64"K\n", network_time, + file->Write(fmt("%.06f Total reassembler data: %" PRIu64"K\n", network_time, Reassembler::TotalMemoryAllocation() / 1024)); // Signature engine. diff --git a/src/Trigger.cc b/src/Trigger.cc index ed5d0e18f6..099027f4e0 100644 --- a/src/Trigger.cc +++ b/src/Trigger.cc @@ -131,18 +131,19 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts, arg_frame->SetDelayed(); } - Val* timeout = arg_timeout ? arg_timeout->ExprVal() : 0; + Val* timeout_val = arg_timeout ? arg_timeout->Eval(arg_frame) : 0; // Make sure we don't get deleted if somebody calls a method like // Timeout() while evaluating the trigger. Ref(this); - if ( ! Eval() && timeout ) + if ( ! Eval() && timeout_val ) { - timer = new TriggerTimer(timeout->AsInterval(), this); + timer = new TriggerTimer(timeout_val->AsInterval(), this); timer_mgr->Add(timer); } + Unref(timeout_val); Unref(this); } @@ -206,7 +207,7 @@ bool Trigger::Eval() return false; } - if ( v->IsZero() ) + if ( ! v || v->IsZero() ) { // Not true. Perhaps next time... DBG_LOG(DBG_NOTIFIERS, "%s: trigger condition is false", Name()); diff --git a/src/analyzer/Analyzer.cc b/src/analyzer/Analyzer.cc index fb5602f96e..b4048af467 100644 --- a/src/analyzer/Analyzer.cc +++ b/src/analyzer/Analyzer.cc @@ -598,7 +598,7 @@ SupportAnalyzer* Analyzer::FirstSupportAnalyzer(bool orig) void Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig, uint64 seq, const IP_Hdr* ip, int caplen) { - DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %"PRIu64", %p, %d) [%s%s]", + DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]", fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", seq, ip, caplen, fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : ""); } @@ -612,7 +612,7 @@ void Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) void Analyzer::Undelivered(uint64 seq, int len, bool is_orig) { - DBG_LOG(DBG_ANALYZER, "%s Undelivered(%"PRIu64", %d, %s)", + DBG_LOG(DBG_ANALYZER, "%s Undelivered(%" PRIu64", %d, %s)", fmt_analyzer(this).c_str(), seq, len, is_orig ? "T" : "F"); } diff --git a/src/analyzer/protocol/http/HTTP.cc b/src/analyzer/protocol/http/HTTP.cc index e63c8280c9..924c958e43 100644 --- a/src/analyzer/protocol/http/HTTP.cc +++ b/src/analyzer/protocol/http/HTTP.cc @@ -416,7 +416,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h) int64_t len = l - f + 1; if ( DEBUG_http ) - DEBUG_MSG("Content-Range length = %"PRId64"\n", len); + DEBUG_MSG("Content-Range length = %" PRId64"\n", len); if ( len > 0 ) { @@ -1060,7 +1060,7 @@ void HTTP_Analyzer::Undelivered(uint64 seq, int len, bool is_orig) { if ( msg ) msg->SubmitEvent(mime::MIME_EVENT_CONTENT_GAP, - fmt("seq=%"PRIu64", len=%d", seq, len)); + fmt("seq=%" PRIu64", len=%d", seq, len)); } // Check if the content gap falls completely within a message body diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 61ed1a4949..a835672378 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -21,7 +21,9 @@ static const char* smtp_cmd_word[] = { #include "SMTP_cmd.def" }; -#define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : "(UNKNOWN)") +static const char* unknown_cmd = "(UNKNOWN)"; + +#define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : unknown_cmd) SMTP_Analyzer::SMTP_Analyzer(Connection* conn) @@ -83,7 +85,7 @@ void SMTP_Analyzer::Undelivered(uint64 seq, int len, bool is_orig) if ( len <= 0 ) return; - const char* buf = fmt("seq = %"PRIu64", len = %d", seq, len); + const char* buf = fmt("seq = %" PRIu64", len = %d", seq, len); int buf_len = strlen(buf); Unexpected(is_orig, "content gap", buf_len, buf); @@ -422,7 +424,6 @@ void SMTP_Analyzer::NewReply(const int reply_code) if ( state == SMTP_AFTER_GAP && reply_code > 0 ) { state = SMTP_GAP_RECOVERY; - const char* unknown_cmd = SMTP_CMD_WORD(-1); RequestEvent(strlen(unknown_cmd), unknown_cmd, 0, ""); /* if ( line_after_gap ) diff --git a/src/analyzer/protocol/snmp/snmp-analyzer.pac b/src/analyzer/protocol/snmp/snmp-analyzer.pac index cc190e6ebe..feb4474feb 100644 --- a/src/analyzer/protocol/snmp/snmp-analyzer.pac +++ b/src/analyzer/protocol/snmp/snmp-analyzer.pac @@ -84,7 +84,7 @@ StringVal* asn1_oid_to_val(const ASN1Encoding* oid) if ( i > 0 ) { rval += "."; - snprintf(tmp, sizeof(tmp), "%"PRIu64, subidentifier_values[i]); + snprintf(tmp, sizeof(tmp), "%" PRIu64, subidentifier_values[i]); rval += tmp; } else diff --git a/src/analyzer/protocol/tcp/TCP.cc b/src/analyzer/protocol/tcp/TCP.cc index f9fb0fb2b7..88def89689 100644 --- a/src/analyzer/protocol/tcp/TCP.cc +++ b/src/analyzer/protocol/tcp/TCP.cc @@ -1901,7 +1901,7 @@ void TCP_ApplicationAnalyzer::DeliverPacket(int len, const u_char* data, const IP_Hdr* ip, int caplen) { Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen); - DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %"PRIu64", %p, %d) [%s%s]", + DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]", len, is_orig ? "T" : "F", seq, ip, caplen, fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : ""); } @@ -2053,7 +2053,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen, num_rxmit_bytes += len; } - DEBUG_MSG("%.6f rexmit %"PRIu64" + %d <= %"PRIu64" data_in_flight = %d\n", + DEBUG_MSG("%.6f rexmit %" PRIu64" + %d <= %" PRIu64" data_in_flight = %d\n", network_time, seq, len, max_top_seq, data_in_flight); if ( tcp_rexmit ) diff --git a/src/analyzer/protocol/tcp/TCP_Reassembler.cc b/src/analyzer/protocol/tcp/TCP_Reassembler.cc index 0f7699011e..e00e32ef1b 100644 --- a/src/analyzer/protocol/tcp/TCP_Reassembler.cc +++ b/src/analyzer/protocol/tcp/TCP_Reassembler.cc @@ -188,7 +188,7 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq) if ( DEBUG_tcp_contents ) { - DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%"PRIu64", last_reassm=%"PRIu64", " + DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64", last_reassm=%" PRIu64", " "endp: FIN_cnt=%d, RST_cnt=%d, " "peer: FIN_cnt=%d, RST_cnt=%d\n", network_time, IsOrig(), up_to_seq, last_reassem_seq, @@ -219,7 +219,7 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq) { if ( DEBUG_tcp_contents ) { - DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%"PRIu64", len=%"PRIu64", " + DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%" PRIu64", len=%" PRIu64", " "skip_deliveries=%d\n", network_time, IsOrig(), last_reassem_seq, up_to_seq - last_reassem_seq, @@ -350,7 +350,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f) void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f) { - if ( f->Write(fmt("\n<>\n", upper_seq - start_seq)) ) + if ( f->Write(fmt("\n<>\n", upper_seq - start_seq)) ) return; reporter->Error("TCP_Reassembler contents gap write failed"); @@ -420,7 +420,7 @@ void TCP_Reassembler::BlockInserted(DataBlock* start_block) void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n) { if ( DEBUG_tcp_contents ) - DEBUG_MSG("%.6f TCP contents overlap: %"PRIu64" IsOrig()=%d\n", network_time, n, IsOrig()); + DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", network_time, n, IsOrig()); if ( rexmit_inconsistency && memcmp((const void*) b1, (const void*) b2, n) && @@ -465,7 +465,7 @@ int TCP_Reassembler::DataSent(double t, uint64 seq, int len, if ( DEBUG_tcp_contents ) { - DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%"PRIu64" upper=%"PRIu64" ack=%"PRIu64"\n", + DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%" PRIu64" upper=%" PRIu64" ack=%" PRIu64"\n", network_time, IsOrig(), seq, upper_seq, ack); } diff --git a/src/cq.c b/src/cq.c index c5405e526a..8005544400 100644 --- a/src/cq.c +++ b/src/cq.c @@ -357,7 +357,7 @@ cq_remove(register struct cq_handle *hp, register double pri, /* The priority must be positive and the cookie non-null */ if (pri <= 0.0 || cookie == NULL) - return (-0); + return (0); bp = hp->buckets + PRI2BUCKET(hp, pri); if (! BUCKETINUSE(bp)) @@ -370,7 +370,7 @@ cq_remove(register struct cq_handle *hp, register double pri, } if ( ! bp ) - return (-0); + return (0); /* Unlink entry */ if ( ! bp2 ) { diff --git a/src/iosource/PktSrc.cc b/src/iosource/PktSrc.cc index eaf85bbfa4..527dadd393 100644 --- a/src/iosource/PktSrc.cc +++ b/src/iosource/PktSrc.cc @@ -506,6 +506,7 @@ bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_ch { Error(fmt("BPF filter %d not compiled", index)); Close(); + return false; } if ( code->MatchesAnything() ) diff --git a/src/iosource/PktSrc.h b/src/iosource/PktSrc.h index 9c05115257..7137798129 100644 --- a/src/iosource/PktSrc.h +++ b/src/iosource/PktSrc.h @@ -266,7 +266,11 @@ protected: Properties() { + selectable_fd = -1; + link_type = -1; + hdr_size = -1; netmask = PCAP_NETMASK_UNKNOWN; + is_live = false; } }; diff --git a/src/iosource/pcap/Source.cc b/src/iosource/pcap/Source.cc index e96933aaa6..72b19b2f14 100644 --- a/src/iosource/pcap/Source.cc +++ b/src/iosource/pcap/Source.cc @@ -21,6 +21,9 @@ PcapSource::PcapSource(const std::string& path, bool is_live) { props.path = path; props.is_live = is_live; + pd = 0; + memset(¤t_hdr, 0, sizeof(current_hdr)); + memset(&last_hdr, 0, sizeof(last_hdr)); last_data = 0; } diff --git a/src/main.cc b/src/main.cc index 63949c5093..15aea3d3fe 100644 --- a/src/main.cc +++ b/src/main.cc @@ -775,6 +775,9 @@ int main(int argc, char** argv) // DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key)); init_hash_function(); + // Must come after hash initialization. + binpac::init(); + ERR_load_crypto_strings(); OPENSSL_add_all_algorithms_conf(); SSL_library_init(); diff --git a/testing/btest/Baseline/language.vector-in-operator/out b/testing/btest/Baseline/language.vector-in-operator/out new file mode 100644 index 0000000000..5d4600a188 --- /dev/null +++ b/testing/btest/Baseline/language.vector-in-operator/out @@ -0,0 +1,11 @@ +[zero, one, , , , five, , seven] +vec[0] = zero.exe +vec[1] = one.exe +vec[2] = +vec[3] = +vec[4] = +vec[5] = five.exe +vec[6] = +vec[7] = seven.exe +vec[8] = +vec[9] = diff --git a/testing/btest/Baseline/language.when-unitialized-rhs/out b/testing/btest/Baseline/language.when-unitialized-rhs/out new file mode 100644 index 0000000000..620b384da2 --- /dev/null +++ b/testing/btest/Baseline/language.when-unitialized-rhs/out @@ -0,0 +1,38 @@ +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 9: value used but not set (crashMe) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 14: value used but not set (x) +1 +2 +3 +4 +5 +6 +7 +8 +9 +10 +2nd when stmt executing, 999 +1st when stmt executing, not anymore you don't +11 +12 +13 +14 +15 +16 +17 +18 +19 +20 +21 +22 +23 +24 +25 +26 +27 +28 +29 +30 +31 +32 +33 +34 diff --git a/testing/btest/language/vector-in-operator.bro b/testing/btest/language/vector-in-operator.bro new file mode 100644 index 0000000000..5936145363 --- /dev/null +++ b/testing/btest/language/vector-in-operator.bro @@ -0,0 +1,17 @@ +# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: btest-diff out + +local ten = "0123456789"; +local vec: vector of string = { "zero", "one" }; +local n = 0; +vec[5] = "five"; +vec[7] = "seven"; +print vec; +vec = vec + ".exe"; + +for ( c in ten ) + { + local is_set: bool = (n in vec); + print fmt("vec[%s] = %s", n, is_set ? vec[n] : ""); + ++n; + } diff --git a/testing/btest/language/when-unitialized-rhs.bro b/testing/btest/language/when-unitialized-rhs.bro new file mode 100644 index 0000000000..21b94c6e02 --- /dev/null +++ b/testing/btest/language/when-unitialized-rhs.bro @@ -0,0 +1,32 @@ +# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +global crashMe: function(): string; +global x: int; + +event bro_init() + { + when( local result = crashMe() ) + { + print "1st when stmt executing", result; + } + + when( local other_result = x ) + { + print "2nd when stmt executing", other_result; + } + } + +global conn_count = 0; + +event new_connection(c: connection) + { + ++conn_count; + print conn_count; + + if ( conn_count == 10 ) + { + x = 999; + crashMe = function(): string { return "not anymore you don't"; }; + } + } diff --git a/testing/btest/language/when.bro b/testing/btest/language/when.bro index 84c1f06cef..d996d1c026 100644 --- a/testing/btest/language/when.bro +++ b/testing/btest/language/when.bro @@ -8,13 +8,25 @@ event bro_init() { - local h1: addr = 127.0.0.1; + local h: addr = 127.0.0.1; - when ( local h1name = lookup_addr(h1) ) + when ( local hname = lookup_addr(h) ) { print "lookup successful"; terminate(); } + timeout 10sec + { + print "timeout (1)"; + } + + local to = 5sec; + # Just checking that timeouts can use arbitrary expressions... + when ( local hname2 = lookup_addr(h) ) {} + timeout to {} + when ( local hname3 = lookup_addr(h) ) {} + timeout to + 2sec {} + print "done"; }