From 19b893a5bcd8ff90d0b898fd39ceefe7fd885f6d Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Mon, 4 Jun 2018 13:52:46 -0500
Subject: [PATCH] Make 0 be a valid packet source timestamp

For fuzzed/damaged/corrupted pcaps, a timestamp of 0 could lead to an infinite loop in Bro as it interprets that as meaning the packet source is not ready yet.
---
 CHANGES | 4 ++++
 VERSION | 2 +-
 src/Serializer.cc | 4 ++--
 src/iosource/Manager.cc | 4 ++--
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index e807bb0525..52bc4656a2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
+2.5-642 | 2018-06-04 13:52:46 -0500
+
+ * Make 0 be a valid packet source timestamp (Corelight)
+
 2.5-641 | 2018-06-04 09:18:59 -0700
 * Add Broker::publish_and_relay BIF
diff --git a/VERSION b/VERSION
index 15ce2d3aad..6de87095f8 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.5-641
+2.5-642
diff --git a/src/Serializer.cc b/src/Serializer.cc
index b759334b4d..0366c36c81 100644
--- a/src/Serializer.cc
+++ b/src/Serializer.cc
@@ -1017,7 +1017,7 @@ double EventPlayer::NextTimestamp(double* local_network_time)
 return ne_time;
 if ( ! io )
- return 0;
+ return -1;
 // Read next event if we don't have one waiting.
 if ( ! ne_time )
@@ -1028,7 +1028,7 @@ double EventPlayer::NextTimestamp(double* local_network_time)
 }
 if ( ! ne_time )
- return 0;
+ return -1;
 if ( ! network_time )
 {
diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc
index 80fa5fe860..390449da81 100644
--- a/src/iosource/Manager.cc
+++ b/src/iosource/Manager.cc
@@ -81,7 +81,7 @@ IOSource* Manager::FindSoonest(double* ts)
 all_idle = false;
 double local_network_time = 0;
 double ts = (*i)->src->NextTimestamp(&local_network_time);
- if ( ts > 0 && ts < soonest_ts )
+ if ( ts >= 0 && ts < soonest_ts )
 {
 soonest_ts = ts;
 soonest_src = (*i)->src;
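Review bot: In src/Serializer.cc, `if ( ! ne_time )` still uses 0 as the "no event waiting" marker, both in the trailing context of the first hunk (@@ -1017) and on the guard changed in the second (@@ -1028). A replayed event whose stored time is exactly 0 therefore stays indistinguishable from "nothing read" and now appears to yield -1 on each call. If event files can be damaged or untrusted, that is the same sentinel collision this commit removes for packet sources, and tracking "event loaded" in a separate flag would avoid it. At minimum the new return value deserves a comment such as `// -1: nothing ready; 0 is a valid timestamp`. The body of NextTimestamp starts and ends outside both hunks.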
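Review bot: The context line `if ( ! network_time )` at the end of the second src/Serializer.cc hunk (@@ -1028) treats a network time of 0 as "not set yet", while this commit lets a source legitimately report 0. If network_time is derived from the selected source's timestamp, which is not visible here, a damaged capture stamped 0 could keep this branch and any similar `! network_time` checks in their start-up path. It is worth auditing the other users of that idiom, or recording the assumption with a comment like `// network_time == 0 still means "not started"`. The branch body lies outside the hunk.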
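Review bot: In src/iosource/Manager.cc, `ts >= 0 && ts < soonest_ts` (hunk @@ -81, and the same test spelled with `0.0` in hunk @@ -162) now selects any source whose NextTimestamp() returns exactly 0, so every implementation must signal "nothing ready" with a negative value. This patch converts only EventPlayer; the other IOSource implementations are outside the diff and should be confirmed, because one that still returns 0 when idle would win the comparison on every pass. A comment above the test would pin the contract: `// NextTimestamp() < 0 means not ready; 0 is a valid timestamp.` FindSoonest starts and ends outside both hunks.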
@@ -162,7 +162,7 @@ IOSource* Manager::FindSoonest(double* ts)
 {
 double local_network_time = 0;
 double ts = src->src->NextTimestamp(&local_network_time);
- if ( ts > 0.0 && ts < soonest_ts )
+ if ( ts >= 0.0 && ts < soonest_ts )
 {
 soonest_ts = ts;
 soonest_src = src->src;
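Review bot: The block in this hunk (@@ -162) repeats the one at @@ -81 statement for statement, apart from how the source pointer is reached, and the two copies already differ in spelling (`ts >= 0` there, `ts >= 0.0` here). Because the "not ready" test is the security-relevant part of this fix, keeping it in two hand-synchronised places invites one copy being missed next time. Consider moving the query-and-compare into one small file-local helper, or at least using the same literal in both: `if ( ts >= 0.0 && ts < soonest_ts )`. The enclosing loop starts and ends outside the hunk.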