diff --git a/CHANGES b/CHANGES index 056e754a5c..0848e420b7 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,36 @@ +7.1.0-dev.501 | 2024-11-11 21:05:41 +0100 + + * GH-4006: Fix nullptr deref in Spicy accept/decline input (Evan Typanski, Corelight) + + Seems like this is a continuation of #4006 + + * Spicy: Improve error messages reporting malformed unit names in EVT files. (Robin Sommer, Corelight) + + * GH-3988: Spicy:: Remove unhelpful assertion. (Robin Sommer, Corelight) + + In cases of a malformed event definition, this could fire instead of a + more helpful error message coming later. + + Closes #3988. + + * GH-4007: Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down. (Robin Sommer, Corelight) + + So far, when Zeek didn't see a connection's regular tear-down (e.g., + because its state timed-out before we got to the end), we'd still + signal a regular end-of-data to Spicy parsers. As a result, they would + then typically raise a parse error because they were probably still + expecting data and would now declare it missing. That's not very + useful because semantically it's not really a protocol issue if the + data just doesn't make it over to us; it's a transport-layer issue + that Zeek already handles elsewhere. So we now switch to signaling + end-of-data to Spicy analyzers only if the connection indeed shuts + down regularly. This is also matches how BinPAC handles it. + + This also comes with a test exercising various combinations of + end-of-data behavior so that we ensure consistent/desired behavior. + + Closes #4007. + 7.1.0-dev.494 | 2024-11-11 10:25:43 +0100 * ci: Run ZAM CI if src/script_opt is modified (Arne Welzel, Corelight) diff --git a/VERSION b/VERSION index ed46b81fdd..4f4e18af22 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -7.1.0-dev.494 +7.1.0-dev.501 diff --git a/src/spicy/manager.cc b/src/spicy/manager.cc index 4b1d32426c..6d6cd3f059 100644 --- a/src/spicy/manager.cc +++ b/src/spicy/manager.cc @@ -593,25 +593,25 @@ static ::TransportProto transport_protocol(const hilti::rt::Port port) { } static void hook_accept_input() { - auto cookie = static_cast(hilti::rt::context::cookie()); - assert(cookie); - - if ( auto x = cookie->protocol ) { - auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag()); - SPICY_DEBUG(hilti::rt::fmt("confirming protocol %s", tag.AsString())); - return x->analyzer->AnalyzerConfirmation(tag); + if ( auto cookie = static_cast(hilti::rt::context::cookie()) ) { + if ( auto x = cookie->protocol ) { + auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag()); + SPICY_DEBUG(hilti::rt::fmt("confirming protocol %s", tag.AsString())); + return x->analyzer->AnalyzerConfirmation(tag); + } } } static void hook_decline_input(const std::string& reason) { - auto cookie = static_cast(hilti::rt::context::cookie()); - assert(cookie); - - if ( auto x = cookie->protocol ) { - auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag()); - SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s: %s", tag.AsString(), reason)); - return x->analyzer->AnalyzerViolation(reason.c_str(), nullptr, 0, tag); + if ( auto cookie = static_cast(hilti::rt::context::cookie()) ) { + if ( auto x = cookie->protocol ) { + auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag()); + SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s: %s", tag.AsString(), reason)); + return x->analyzer->AnalyzerViolation(reason.c_str(), nullptr, 0, tag); + } } + else + SPICY_DEBUG(hilti::rt::fmt("attempting to reject protocol without cookie: %s", reason)); } void Manager::InitPostScript() {