Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/etyp/cookie-nullptr-spicy-dpd'

Browse source
This commit is contained in:
Benjamin Bannier 2024-11-11 21:05:41 +01:00
commit 1d38c31071
3 changed files with 48 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

33
CHANGES
View file

@ -1,3 +1,36 @@
7.1.0-dev.501 | 2024-11-11 21:05:41 +0100
* GH-4006: Fix nullptr deref in Spicy accept/decline input (Evan Typanski, Corelight)
Seems like this is a continuation of #4006
* Spicy: Improve error messages reporting malformed unit names in EVT files. (Robin Sommer, Corelight)
* GH-3988: Spicy:: Remove unhelpful assertion. (Robin Sommer, Corelight)
In cases of a malformed event definition, this could fire instead of a
more helpful error message coming later.
Closes #3988.
* GH-4007: Spicy: Do not raise an analyzer error when a connection is missing a regular tear-down. (Robin Sommer, Corelight)
So far, when Zeek didn't see a connection's regular tear-down (e.g.,
because its state timed-out before we got to the end), we'd still
signal a regular end-of-data to Spicy parsers. As a result, they would
then typically raise a parse error because they were probably still
expecting data and would now declare it missing. That's not very
useful because semantically it's not really a protocol issue if the
data just doesn't make it over to us; it's a transport-layer issue
that Zeek already handles elsewhere. So we now switch to signaling
end-of-data to Spicy analyzers only if the connection indeed shuts
down regularly. This is also matches how BinPAC handles it.
This also comes with a test exercising various combinations of
end-of-data behavior so that we ensure consistent/desired behavior.
Closes #4007.
7.1.0-dev.494 | 2024-11-11 10:25:43 +0100
* ci: Run ZAM CI if src/script_opt is modified (Arne Welzel, Corelight)

2
VERSION
View file

@ -1 +1 @@
7.1.0-dev.494
7.1.0-dev.501

12
src/spicy/manager.cc
View file

@ -593,25 +593,25 @@ static ::TransportProto transport_protocol(const hilti::rt::Port port) {
}
static void hook_accept_input() {
auto cookie = static_cast<rt::Cookie*>(hilti::rt::context::cookie());
assert(cookie);
if ( auto cookie = static_cast<rt::Cookie*>(hilti::rt::context::cookie()) ) {
if ( auto x = cookie->protocol ) {
auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag());
SPICY_DEBUG(hilti::rt::fmt("confirming protocol %s", tag.AsString()));
return x->analyzer->AnalyzerConfirmation(tag);
}
}
}
static void hook_decline_input(const std::string& reason) {
auto cookie = static_cast<rt::Cookie*>(hilti::rt::context::cookie());
assert(cookie);
if ( auto cookie = static_cast<rt::Cookie*>(hilti::rt::context::cookie()) ) {
if ( auto x = cookie->protocol ) {
auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag());
SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s: %s", tag.AsString(), reason));
return x->analyzer->AnalyzerViolation(reason.c_str(), nullptr, 0, tag);
}
}
else
SPICY_DEBUG(hilti::rt::fmt("attempting to reject protocol without cookie: %s", reason));
}
void Manager::InitPostScript() {