Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos

CHANGES

@@ -1,4 +1,47 @@
 
+2.3-278 | 2014-11-03 18:55:18 -0800
+
+  * Add new curves from draft-ietf-tls-negotiated-ff-dhe to SSL
+    analysis. (Johanna Amann)
+
+2.3-274 | 2014-10-31 17:45:25 -0700
+
+  * Adding call to new binpac::init() function. (Robin Sommer)
+
+2.3-272 | 2014-10-31 16:29:42 -0700
+
+  * Fix segfault if when statement's RHS is unitialized. Addresses
+    BIT-1176. (Jon Siwek)
+
+  * Fix checking vector indices via "in". Addresses BIT-1280.  (Jon
+    Siwek)
+
+2.3-268 | 2014-10-31 12:12:22 -0500
+
+  * BIT-1283: Fix crash when using &encrypt. (Jon Siwek)
+
+2.3-267 | 2014-10-31 10:35:02 -0500
+
+  * BIT-1284: Allow arbitrary when statement timeout expressions
+    (Jon Siwek)
+
+2.3-266 | 2014-10-31 09:21:28 -0500
+
+  * BIT-1166: Add configure options to fine tune local state dirs used
+    by BroControl. (Jon Siwek)
+
+2.3-264 | 2014-10-30 13:25:57 -0500
+
+  * Fix some minor Coverity Scan complaints. (Jon Siwek)
+
+2.3-263 | 2014-10-28 15:09:10 -0500
+
+  * Fix checking of fwrite return values (Johanna Amann)
+
+2.3-260 | 2014-10-27 12:54:17 -0500
+
+  * Fix errors/warnings when compiling with -std=c++11 (Jon Siwek)
+
 2.3-259 | 2014-10-27 10:04:04 -0500
 
   * Documentation fixes. (Vicente Jimenez Aguilar and Stefano Azzalini)

VERSION

@@ -1 +1 @@
-2.3-259
+2.3-278

aux/binpac

@@ -1 +1 @@
-Subproject commit c8e017b4b1893cf254fc2bc8eedd86b852a2e654
+Subproject commit 77a86591dcf89d7252d3676d3f1199d6c927d073

aux/broctl

@@ -1 +1 @@
-Subproject commit 2b13bfcc941018c76f74b81a6e74e5e4e723c747
+Subproject commit 39e865dec9611b9b53b609cbc8df519cebae0a1e

configure

@@ -24,6 +24,13 @@ Usage: $0 [OPTION]... [VAR=VALUE]...
     --prefix=PREFIX        installation directory [/usr/local/bro]
     --scriptdir=PATH       root installation directory for Bro scripts
                            [PREFIX/share/bro]
+    --localstatedir=PATH   when using BroControl, path to store log files
+                           and run-time data (within log/ and spool/ subdirs)
+                           [PREFIX]
+    --spooldir=PATH        when using BroControl, path to store run-time data
+                           [PREFIX/spool]
+    --logdir=PATH          when using BroControl, path to store log file
+                           [PREFIX/logs]
     --conf-files-dir=PATH  config files installation directory [PREFIX/etc]
 
   Optional Features:
@@ -144,6 +151,15 @@ while [ $# -ne 0 ]; do
             append_cache_entry BRO_ETC_INSTALL_DIR PATH $optarg
             user_set_conffilesdir="true"
             ;;
+        --localstatedir=*)
+            append_cache_entry BRO_LOCAL_STATE_DIR  PATH   $optarg
+            ;;
+        --spooldir=*)
+            append_cache_entry BRO_SPOOL_DIR  PATH   $optarg
+            ;;
+        --logdir=*)
+            append_cache_entry BRO_LOG_DIR  PATH   $optarg
+            ;;
         --enable-debug)
             append_cache_entry ENABLE_DEBUG         BOOL   true
             ;;

pkg/make-deb-packages

@@ -16,6 +16,7 @@ the 'dpkg-dev' package, please install it first.
 }
 
 prefix=/opt/bro
+localstatedir=/var/opt/bro
 
 # During the packaging process, `dpkg-shlibs` will fail if used on a library
 # that links to other internal/project libraries unless an RPATH is used or
@@ -31,7 +32,7 @@ cd ..
 ( cd build && make package )
 
 # Full Bro package
-./configure --prefix=${prefix} --pkg-name-prefix=Bro --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --pkg-name-prefix=Bro --binary-package
 ( cd build && make package )
 
 # Broccoli
@@ -42,6 +43,6 @@ cd ../..
 
 # Broctl
 cd aux/broctl
-./configure --prefix=${prefix} --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --binary-package
 ( cd build && make package && mv *.deb ../../../build/ )
 cd ../..

pkg/make-rpm-packages

@@ -15,6 +15,7 @@ the 'rpm-build' package, please install it first.
 }
 
 prefix=/opt/bro
+localstatedir=/var/opt/bro
 
 cd ..
 
@@ -24,7 +25,7 @@ cd ..
 ( cd build && make package )
 
 # Full Bro package
-./configure --prefix=${prefix} --pkg-name-prefix=Bro --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --pkg-name-prefix=Bro --binary-package
 ( cd build && make package )
 
 # Broccoli
@@ -35,6 +36,6 @@ cd ../..
 
 # Broctl
 cd aux/broctl
-./configure --prefix=${prefix} --binary-package
+./configure --prefix=${prefix} --localstatedir=${localstatedir} --binary-package
 ( cd build && make package && mv *.rpm ../../../build/ )
 cd ../..

scripts/base/protocols/ssl/consts.bro

@@ -158,6 +158,12 @@ export {
 		[26] = "brainpoolP256r1",
 		[27] = "brainpoolP384r1",
 		[28] = "brainpoolP512r1",
+		# draft-ietf-tls-negotiated-ff-dhe-02
+		[256] = "ffdhe2432",
+		[257] = "ffdhe3072",
+		[258] = "ffdhe4096",
+		[259] = "ffdhe6144",
+		[260] = "ffdhe8192",
 		[0xFF01] = "arbitrary_explicit_prime_curves",
 		[0xFF02] = "arbitrary_explicit_char2_curves"
 	} &default=function(i: count):string { return fmt("unknown-%d", i); };

src/Brofiler.cc

@@ -96,7 +96,7 @@ bool Brofiler::WriteStats()
 	map<pair<string, string>, uint64 >::const_iterator it;
 	for ( it = usage_map.begin(); it != usage_map.end(); ++it )
 		{
-		fprintf(f, "%"PRIu64"%c%s%c%s\n", it->second, delim,
+		fprintf(f, "%" PRIu64"%c%s%c%s\n", it->second, delim,
 				it->first.first.c_str(), delim, it->first.second.c_str());
 		}
 

src/DNS_Mgr.cc

@@ -214,7 +214,7 @@ DNS_Mapping::DNS_Mapping(FILE* f)
 	char req_buf[512+1], name_buf[512+1];
 	int is_req_host;
 
-	if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %"PRIu32, &creation_time,
+	if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %" PRIu32, &creation_time,
 	     &is_req_host, req_buf, &failed, name_buf, &map_type, &num_addrs,
 	     &req_ttl) != 8 )
 		return;
@@ -360,7 +360,7 @@ void DNS_Mapping::Clear()
 
 void DNS_Mapping::Save(FILE* f) const
 	{
-	fprintf(f, "%.0f %d %s %d %s %d %d %"PRIu32"\n", creation_time, req_host != 0,
+	fprintf(f, "%.0f %d %s %d %s %d %d %" PRIu32"\n", creation_time, req_host != 0,
 		req_host ? req_host : req_addr.AsString().c_str(),
 		failed, (names && names[0]) ? names[0] : "*",
 		map_type, num_addrs, req_ttl);

src/Expr.cc

@@ -636,7 +636,7 @@ Val* BinaryExpr::Eval(Frame* f) const
 		return v_result;
 		}
 
-	if ( is_vec1 || is_vec2 )
+	if ( IsVector(Type()->Tag()) && (is_vec1 || is_vec2) )
 		{ // fold vector against scalar
 		VectorVal* vv = (is_vec1 ? v1 : v2)->AsVectorVal();
 		VectorVal* v_result = new VectorVal(Type()->AsVectorType());
@@ -4703,8 +4703,14 @@ Val* InExpr::Fold(Val* v1, Val* v2) const
 	     v2->Type()->Tag() == TYPE_SUBNET )
 		return new Val(v2->AsSubNetVal()->Contains(v1->AsAddr()), TYPE_BOOL);
 
-	TableVal* vt = v2->AsTableVal();
-	if ( vt->Lookup(v1, false) )
+	Val* res;
+
+	if ( is_vector(v2) )
+		res = v2->AsVectorVal()->Lookup(v1);
+	else
+		res = v2->AsTableVal()->Lookup(v1, false);
+
+	if ( res )
 		return new Val(1, TYPE_BOOL);
 	else
 		return new Val(0, TYPE_BOOL);

src/File.cc

@@ -527,7 +527,7 @@ void BroFile::SetAttrs(Attributes* arg_attrs)
 		if ( ef->AttrExpr() )
 			InitEncrypt(ef->AttrExpr()->ExprVal()->AsString()->CheckString());
 		else
-			InitEncrypt(log_encryption_key->AsString()->CheckString());
+			InitEncrypt(opt_internal_string("log_encryption_key")->CheckString());
 		}
 
 	if ( attrs->FindAttr(ATTR_RAW_OUTPUT) )
@@ -708,10 +708,10 @@ void BroFile::InitEncrypt(const char* keyfile)
 
 	secret_len = htonl(secret_len);
 
-	if ( ! (fwrite("BROENC1", 7, 1, f) &&
-		fwrite(&secret_len, sizeof(secret_len), 1, f) &&
-		fwrite(secret, ntohl(secret_len), 1, f) &&
-		fwrite(iv, iv_len, 1, f)) )
+	if ( fwrite("BROENC1", 7, 1, f) < 1 ||
+		fwrite(&secret_len, sizeof(secret_len), 1, f) < 1 ||
+		fwrite(secret, ntohl(secret_len), 1, f) < 1 ||
+		fwrite(iv, iv_len, 1, f) < 1 )
 		{
 		reporter->Error("can't write header to log file %s: %s",
 				name, strerror(errno));
@@ -736,7 +736,7 @@ void BroFile::FinishEncrypt()
 		int outl;
 		EVP_SealFinal(cipher_ctx, cipher_buffer, &outl);
 
-		if ( outl && ! fwrite(cipher_buffer, outl, 1, f) )
+		if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 )
 			{
 			reporter->Error("write error for %s: %s",
 					name, strerror(errno));
@@ -777,7 +777,7 @@ int BroFile::Write(const char* data, int len)
 				return 0;
 				}
 
-			if ( outl && ! fwrite(cipher_buffer, outl, 1, f) )
+			if ( outl && fwrite(cipher_buffer, outl, 1, f) < 1 )
 				{
 				reporter->Error("write error for %s: %s",
 						name, strerror(errno));
@@ -792,8 +792,7 @@ int BroFile::Write(const char* data, int len)
 		return 1;
 		}
 
-	len = fwrite(data, 1, len, f);
-	if ( len <= 0 )
+	if ( fwrite(data, len, 1, f) < 1 )
 		return false;
 
 	if ( rotate_size && current_size < rotate_size && current_size + len >= rotate_size )

src/Flare.cc

@@ -22,7 +22,7 @@ static void bad_pipe_op(const char* which)
 
 void Flare::Fire()
 	{
-	char tmp;
+	char tmp = 0;
 
 	for ( ; ; )
 		{

src/H3.h

@@ -110,7 +110,7 @@ public:
 		T result = 0;
 
 		// loop optmized with Duff's Device
-		register unsigned n = (size + 7) / 8;
+		unsigned n = (size + 7) / 8;
 		switch ( size % 8 ) {
 		case 0: do { result ^= byte_lookup[offset++][*p++];
 		case 7:      result ^= byte_lookup[offset++][*p++];

src/Reassem.cc

@@ -182,7 +182,7 @@ DataBlock* Reassembler::AddAndCheck(DataBlock* b, uint64 seq, uint64 upper,
 	{
 	if ( DEBUG_reassem )
 		{
-		DEBUG_MSG("%.6f Reassembler::AddAndCheck seq=%"PRIu64", upper=%"PRIu64"\n",
+		DEBUG_MSG("%.6f Reassembler::AddAndCheck seq=%" PRIu64", upper=%" PRIu64"\n",
 		          network_time, seq, upper);
 		}
 

src/RemoteSerializer.cc

@@ -707,7 +707,7 @@ RemoteSerializer::PeerID RemoteSerializer::Connect(const IPAddr& ip,
 	const size_t BUFSIZE = 1024;
 	char* data = new char[BUFSIZE];
 	snprintf(data, BUFSIZE,
-	         "%"PRI_PTR_COMPAT_UINT",%s,%s,%"PRIu16",%"PRIu32",%d", p->id,
+	         "%" PRI_PTR_COMPAT_UINT",%s,%s,%" PRIu16",%" PRIu32",%d", p->id,
 	         ip.AsString().c_str(), zone_id.c_str(), port, uint32(retry),
 	         use_ssl);
 
@@ -1267,7 +1267,7 @@ bool RemoteSerializer::Listen(const IPAddr& ip, uint16 port, bool expect_ssl,
 
 	const size_t BUFSIZE = 1024;
 	char* data = new char[BUFSIZE];
-	snprintf(data, BUFSIZE, "%s,%"PRIu16",%d,%d,%s,%"PRIu32,
+	snprintf(data, BUFSIZE, "%s,%" PRIu16",%d,%d,%s,%" PRIu32,
 	         ip.AsString().c_str(), port, expect_ssl, ipv6, zone_id.c_str(),
 	         (uint32) retry);
 
@@ -4075,7 +4075,7 @@ bool SocketComm::Connect(Peer* peer)
 
 		const size_t BUFSIZE = 1024;
 		char* data = new char[BUFSIZE];
-		snprintf(data, BUFSIZE, "%s,%"PRIu32, peer->ip.AsString().c_str(),
+		snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(),
 		         peer->port);
 
 		if ( ! SendToParent(MSG_CONNECTED, peer, data) )
@@ -4190,7 +4190,7 @@ bool SocketComm::Listen()
 		     setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0 )
 			Error(fmt("can't set IPV6_V6ONLY, %s", strerror(errno)));
 
-		if ( bind(fd, res->ai_addr, res->ai_addrlen) < 0 )
+		if ( ::bind(fd, res->ai_addr, res->ai_addrlen) < 0 )
 			{
 			Error(fmt("can't bind to %s:%s, %s", l_addr_str.c_str(),
 			          port_str, strerror(errno)));
@@ -4287,7 +4287,7 @@ bool SocketComm::AcceptConnection(int fd)
 
 	const size_t BUFSIZE = 1024;
 	char* data = new char[BUFSIZE];
-	snprintf(data, BUFSIZE, "%s,%"PRIu32, peer->ip.AsString().c_str(),
+	snprintf(data, BUFSIZE, "%s,%" PRIu32, peer->ip.AsString().c_str(),
 	         peer->port);
 
 	if ( ! SendToParent(MSG_CONNECTED, peer, data) )

src/SerializationFormat.cc

@@ -541,19 +541,19 @@ bool XMLSerializationFormat::Write(uint16 v, const char* tag)
 
 bool XMLSerializationFormat::Write(uint32 v, const char* tag)
 	{
-	const char* tmp = fmt("%"PRIu32, v);
+	const char* tmp = fmt("%" PRIu32, v);
 	return WriteElem(tag, "uint32", tmp, strlen(tmp));
 	}
 
 bool XMLSerializationFormat::Write(uint64 v, const char* tag)
 	{
-	const char* tmp = fmt("%"PRIu64, v);
+	const char* tmp = fmt("%" PRIu64, v);
 	return WriteElem(tag, "uint64", tmp, strlen(tmp));
 	}
 
 bool XMLSerializationFormat::Write(int64 v, const char* tag)
 	{
-	const char* tmp = fmt("%"PRId64, v);
+	const char* tmp = fmt("%" PRId64, v);
 	return WriteElem(tag, "int64", tmp, strlen(tmp));
 	}
 

src/Sessions.cc

@@ -544,7 +544,7 @@ void NetSessions::DoNextPacket(double t, const struct pcap_pkthdr* hdr,
 			if ( proto_typ != 0x0800 && proto_typ != 0x86dd )
 				{
 				// Not IPv4/IPv6 payload.
-				Weird(fmt("unknown_gre_protocol_%"PRIu16, proto_typ), ip_hdr,
+				Weird(fmt("unknown_gre_protocol_%" PRIu16, proto_typ), ip_hdr,
 				      encapsulation);
 				return;
 				}

src/Stats.cc

@@ -160,7 +160,7 @@ void ProfileLogger::Log()
 	file->Write(fmt("%.06f Connections expired due to inactivity: %d\n",
 		network_time, killed_by_inactivity));
 
-	file->Write(fmt("%.06f Total reassembler data: %"PRIu64"K\n", network_time,
+	file->Write(fmt("%.06f Total reassembler data: %" PRIu64"K\n", network_time,
 		Reassembler::TotalMemoryAllocation() / 1024));
 
 	// Signature engine.

src/Trigger.cc

@@ -131,18 +131,19 @@ Trigger::Trigger(Expr* arg_cond, Stmt* arg_body, Stmt* arg_timeout_stmts,
 		arg_frame->SetDelayed();
 		}
 
-	Val* timeout = arg_timeout ? arg_timeout->ExprVal() : 0;
+	Val* timeout_val = arg_timeout ? arg_timeout->Eval(arg_frame) : 0;
 
 	// Make sure we don't get deleted if somebody calls a method like
 	// Timeout() while evaluating the trigger. 
 	Ref(this);
 
-	if ( ! Eval() && timeout )
+	if ( ! Eval() && timeout_val )
 		{
-		timer = new TriggerTimer(timeout->AsInterval(), this);
+		timer = new TriggerTimer(timeout_val->AsInterval(), this);
 		timer_mgr->Add(timer);
 		}
 
+	Unref(timeout_val);
 	Unref(this);
 	}
 
@@ -206,7 +207,7 @@ bool Trigger::Eval()
 		return false;
 		}
 
-	if ( v->IsZero() )
+	if ( ! v || v->IsZero() )
 		{
 		// Not true. Perhaps next time...
 		DBG_LOG(DBG_NOTIFIERS, "%s: trigger condition is false", Name());

src/analyzer/Analyzer.cc

@@ -598,7 +598,7 @@ SupportAnalyzer* Analyzer::FirstSupportAnalyzer(bool orig)
 void Analyzer::DeliverPacket(int len, const u_char* data, bool is_orig,
 				uint64 seq, const IP_Hdr* ip, int caplen)
 	{
-	DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %"PRIu64", %p, %d) [%s%s]",
+	DBG_LOG(DBG_ANALYZER, "%s DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]",
 			fmt_analyzer(this).c_str(), len, is_orig ? "T" : "F", seq, ip, caplen,
 			fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : "");
 	}
@@ -612,7 +612,7 @@ void Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
 
 void Analyzer::Undelivered(uint64 seq, int len, bool is_orig)
 	{
-	DBG_LOG(DBG_ANALYZER, "%s Undelivered(%"PRIu64", %d, %s)",
+	DBG_LOG(DBG_ANALYZER, "%s Undelivered(%" PRIu64", %d, %s)",
 			fmt_analyzer(this).c_str(), seq, len, is_orig ? "T" : "F");
 	}
 

src/analyzer/protocol/http/HTTP.cc

@@ -416,7 +416,7 @@ void HTTP_Entity::SubmitHeader(mime::MIME_Header* h)
 		int64_t len = l - f + 1;
 
 		if ( DEBUG_http )
-			DEBUG_MSG("Content-Range length = %"PRId64"\n", len);
+			DEBUG_MSG("Content-Range length = %" PRId64"\n", len);
 
 		if ( len > 0 )
 			{
@@ -1060,7 +1060,7 @@ void HTTP_Analyzer::Undelivered(uint64 seq, int len, bool is_orig)
 		{
 		if ( msg )
 			msg->SubmitEvent(mime::MIME_EVENT_CONTENT_GAP,
-				fmt("seq=%"PRIu64", len=%d", seq, len));
+				fmt("seq=%" PRIu64", len=%d", seq, len));
 		}
 
 	// Check if the content gap falls completely within a message body

src/analyzer/protocol/smtp/SMTP.cc

@@ -21,7 +21,9 @@ static const char* smtp_cmd_word[] = {
 #include "SMTP_cmd.def"
 };
 
-#define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : "(UNKNOWN)")
+static const char* unknown_cmd = "(UNKNOWN)";
+
+#define SMTP_CMD_WORD(code) ((code >= 0) ? smtp_cmd_word[code] : unknown_cmd)
 
 
 SMTP_Analyzer::SMTP_Analyzer(Connection* conn)
@@ -83,7 +85,7 @@ void SMTP_Analyzer::Undelivered(uint64 seq, int len, bool is_orig)
 	if ( len <= 0 )
 		return;
 
-	const char* buf = fmt("seq = %"PRIu64", len = %d", seq, len);
+	const char* buf = fmt("seq = %" PRIu64", len = %d", seq, len);
 	int buf_len = strlen(buf);
 
 	Unexpected(is_orig, "content gap", buf_len, buf);
@@ -422,7 +424,6 @@ void SMTP_Analyzer::NewReply(const int reply_code)
 	if ( state == SMTP_AFTER_GAP && reply_code > 0 )
 		{
 		state = SMTP_GAP_RECOVERY;
-		const char* unknown_cmd = SMTP_CMD_WORD(-1);
 		RequestEvent(strlen(unknown_cmd), unknown_cmd, 0, "");
 		/*
 		if ( line_after_gap )

src/analyzer/protocol/snmp/snmp-analyzer.pac

@@ -84,7 +84,7 @@ StringVal* asn1_oid_to_val(const ASN1Encoding* oid)
 		if ( i > 0 )
 			{
 			rval += ".";
-			snprintf(tmp, sizeof(tmp), "%"PRIu64, subidentifier_values[i]);
+			snprintf(tmp, sizeof(tmp), "%" PRIu64, subidentifier_values[i]);
 			rval += tmp;
 			}
 		else

src/analyzer/protocol/tcp/TCP.cc

@@ -1901,7 +1901,7 @@ void TCP_ApplicationAnalyzer::DeliverPacket(int len, const u_char* data,
 						const IP_Hdr* ip, int caplen)
 	{
 	Analyzer::DeliverPacket(len, data, is_orig, seq, ip, caplen);
-	DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %"PRIu64", %p, %d) [%s%s]",
+	DBG_LOG(DBG_ANALYZER, "TCP_ApplicationAnalyzer ignoring DeliverPacket(%d, %s, %" PRIu64", %p, %d) [%s%s]",
 			len, is_orig ? "T" : "F", seq, ip, caplen,
 			fmt_bytes((const char*) data, min(40, len)), len > 40 ? "..." : "");
 	}
@@ -2053,7 +2053,7 @@ int TCPStats_Endpoint::DataSent(double /* t */, uint64 seq, int len, int caplen,
 			num_rxmit_bytes += len;
 			}
 
-		DEBUG_MSG("%.6f rexmit %"PRIu64" + %d <= %"PRIu64" data_in_flight = %d\n",
+		DEBUG_MSG("%.6f rexmit %" PRIu64" + %d <= %" PRIu64" data_in_flight = %d\n",
 		 	network_time, seq, len, max_top_seq, data_in_flight);
 
 		if ( tcp_rexmit )

src/analyzer/protocol/tcp/TCP_Reassembler.cc

@@ -188,7 +188,7 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq)
 
 	if ( DEBUG_tcp_contents )
 		{
-		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%"PRIu64", last_reassm=%"PRIu64", "
+		DEBUG_MSG("%.6f Undelivered: IsOrig()=%d up_to_seq=%" PRIu64", last_reassm=%" PRIu64", "
 		          "endp: FIN_cnt=%d, RST_cnt=%d, "
 		          "peer: FIN_cnt=%d, RST_cnt=%d\n",
 		          network_time, IsOrig(), up_to_seq, last_reassem_seq,
@@ -219,7 +219,7 @@ void TCP_Reassembler::Undelivered(uint64 up_to_seq)
 		{
 		if ( DEBUG_tcp_contents )
 			{
-			DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%"PRIu64", len=%"PRIu64", "
+			DEBUG_MSG("%.6f Undelivered: IsOrig()=%d, seq=%" PRIu64", len=%" PRIu64", "
 					  "skip_deliveries=%d\n",
 					  network_time, IsOrig(), last_reassem_seq,
 					  up_to_seq - last_reassem_seq,
@@ -350,7 +350,7 @@ void TCP_Reassembler::RecordBlock(DataBlock* b, BroFile* f)
 
 void TCP_Reassembler::RecordGap(uint64 start_seq, uint64 upper_seq, BroFile* f)
 	{
-	if ( f->Write(fmt("\n<<gap %"PRIu64">>\n", upper_seq - start_seq)) )
+	if ( f->Write(fmt("\n<<gap %" PRIu64">>\n", upper_seq - start_seq)) )
 		return;
 
 	reporter->Error("TCP_Reassembler contents gap write failed");
@@ -420,7 +420,7 @@ void TCP_Reassembler::BlockInserted(DataBlock* start_block)
 void TCP_Reassembler::Overlap(const u_char* b1, const u_char* b2, uint64 n)
 	{
 	if ( DEBUG_tcp_contents )
-		DEBUG_MSG("%.6f TCP contents overlap: %"PRIu64" IsOrig()=%d\n", network_time,  n, IsOrig());
+		DEBUG_MSG("%.6f TCP contents overlap: %" PRIu64" IsOrig()=%d\n", network_time,  n, IsOrig());
 
 	if ( rexmit_inconsistency &&
 	     memcmp((const void*) b1, (const void*) b2, n) &&
@@ -465,7 +465,7 @@ int TCP_Reassembler::DataSent(double t, uint64 seq, int len,
 
 	if ( DEBUG_tcp_contents )
 		{
-		DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%"PRIu64" upper=%"PRIu64" ack=%"PRIu64"\n",
+		DEBUG_MSG("%.6f DataSent: IsOrig()=%d seq=%" PRIu64" upper=%" PRIu64" ack=%" PRIu64"\n",
 		          network_time, IsOrig(), seq, upper_seq, ack);
 		}
 

src/cq.c

@@ -357,7 +357,7 @@ cq_remove(register struct cq_handle *hp, register double pri,
 
 	/* The priority must be positive and the cookie non-null */
 	if (pri <= 0.0 || cookie == NULL)
-		return (-0);
+		return (0);
 
 	bp = hp->buckets + PRI2BUCKET(hp, pri);
 	if (! BUCKETINUSE(bp))
@@ -370,7 +370,7 @@ cq_remove(register struct cq_handle *hp, register double pri,
 		}
 
 	if ( ! bp )
-		return (-0);
+		return (0);
 
 	/* Unlink entry */
 	if ( ! bp2 ) {

src/iosource/PktSrc.cc

@@ -506,6 +506,7 @@ bool PktSrc::ApplyBPFFilter(int index, const struct pcap_pkthdr *hdr, const u_ch
 		{
 		Error(fmt("BPF filter %d not compiled", index));
 		Close();
+		return false;
 		}
 
 	if ( code->MatchesAnything() )

src/iosource/PktSrc.h

@@ -266,7 +266,11 @@ protected:
 
 		Properties()
 			{
+			selectable_fd = -1;
+			link_type = -1;
+			hdr_size = -1;
 			netmask = PCAP_NETMASK_UNKNOWN;
+			is_live = false;
 			}
 	};
 

src/iosource/pcap/Source.cc

@@ -21,6 +21,9 @@ PcapSource::PcapSource(const std::string& path, bool is_live)
 	{
 	props.path = path;
 	props.is_live = is_live;
+	pd = 0;
+	memset(&current_hdr, 0, sizeof(current_hdr));
+	memset(&last_hdr, 0, sizeof(last_hdr));
 	last_data = 0;
 	}
 

src/main.cc

@@ -775,6 +775,9 @@ int main(int argc, char** argv)
 	// DEBUG_MSG("HMAC key: %s\n", md5_digest_print(shared_hmac_md5_key));
 	init_hash_function();
 
+	// Must come after hash initialization.
+	binpac::init();
+
 	ERR_load_crypto_strings();
 	OPENSSL_add_all_algorithms_conf();
 	SSL_library_init();

testing/btest/Baseline/language.vector-in-operator/out

@@ -0,0 +1,11 @@
+[zero, one, , , , five, , seven]
+vec[0] = zero.exe
+vec[1] = one.exe
+vec[2] = <not set>
+vec[3] = <not set>
+vec[4] = <not set>
+vec[5] = five.exe
+vec[6] = <not set>
+vec[7] = seven.exe
+vec[8] = <not set>
+vec[9] = <not set>

testing/btest/Baseline/language.when-unitialized-rhs/out

@@ -0,0 +1,38 @@
+error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 9: value used but not set (crashMe)
+error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.when-unitialized-rhs/when-unitialized-rhs.bro, line 14: value used but not set (x)
+1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+2nd when stmt executing, 999
+1st when stmt executing, not anymore you don't
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34

testing/btest/language/vector-in-operator.bro

@@ -0,0 +1,17 @@
+# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+local ten = "0123456789";
+local vec: vector of string = { "zero", "one" };
+local n = 0;
+vec[5] = "five";
+vec[7] = "seven";
+print vec;
+vec = vec + ".exe";
+
+for ( c in ten )
+	{
+	local is_set: bool = (n in vec);
+	print fmt("vec[%s] = %s", n, is_set ? vec[n] : "<not set>");
+	++n;
+	}

testing/btest/language/when-unitialized-rhs.bro

@@ -0,0 +1,32 @@
+# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
+
+global crashMe: function(): string;
+global x: int;
+
+event bro_init()
+	{
+	when( local result = crashMe() )
+		{
+		print "1st when stmt executing", result;
+		}
+
+	when( local other_result = x )
+		{
+		print "2nd when stmt executing", other_result;
+		}
+	}
+
+global conn_count = 0;
+
+event new_connection(c: connection)
+	{
+	++conn_count;
+	print conn_count;
+
+	if ( conn_count == 10 )
+		{
+		x = 999;
+		crashMe = function(): string { return "not anymore you don't"; };
+		}
+	}

testing/btest/language/when.bro

@@ -8,13 +8,25 @@
 
 event bro_init()
 {
-	local h1: addr = 127.0.0.1;
+	local h: addr = 127.0.0.1;
 
-	when ( local h1name = lookup_addr(h1) )
+	when ( local hname = lookup_addr(h) )
 		{ 
 		print "lookup successful";
 		terminate();
 		}
+	timeout 10sec
+		{
+		print "timeout (1)";
+		}
+
+	local to = 5sec;
+	# Just checking that timeouts can use arbitrary expressions...
+	when ( local hname2 = lookup_addr(h) ) {}
+	timeout to {}
+	when ( local hname3 = lookup_addr(h) ) {}
+	timeout to + 2sec {}
+
 	print "done";
 }