From c4e8908c8e267c1e93fd7fa0c9df22f474ec47f3 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Thu, 29 Aug 2013 15:50:46 -0500
Subject: [PATCH 1/3] Fix invalid pointer dereference in AsciiFormatter.
Using a temporary object with strtol() makes the end pointer that it sets invalid after the call.
---
 src/threading/AsciiFormatter.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/threading/AsciiFormatter.cc b/src/threading/AsciiFormatter.cc
index cb1c57f6f1..616abbe2b6 100644
--- a/src/threading/AsciiFormatter.cc
+++ b/src/threading/AsciiFormatter.cc
@@ -247,7 +247,8 @@ threading::Value* AsciiFormatter::ParseValue(string s, string name, TypeTag type
 goto parse_error;
 }
- uint8_t width = (uint8_t) strtol(s.substr(pos+1).c_str(), &end, 10);
+ string width_str = s.substr(pos + 1);
+ uint8_t width = (uint8_t) strtol(width_str.c_str(), &end, 10);
 if ( CheckNumberError(s, end) ) goto parse_error;
From 742a047a40e6eeb32aea9ededf6bd294d5263ff8 Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Thu, 29 Aug 2013 16:22:59 -0500
Subject: [PATCH 2/3] Fix malloc/delete mismatch.
---
 src/input/Manager.cc | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/input/Manager.cc b/src/input/Manager.cc
index 9e8e406346..2534ed1b69 100644
--- a/src/input/Manager.cc
+++ b/src/input/Manager.cc
@@ -2090,9 +2090,7 @@ HashKey* Manager::HashValues(const int num_elements, const Value* const *vals)
 return NULL;
 int position = 0;
- char *data = (char*) malloc(length);
- if ( data == 0 )
- reporter->InternalError("Could not malloc?");
+ char *data = new char[length];
 for ( int i = 0; i < num_elements; i++ ) {
@@ -2108,7 +2106,7 @@ HashKey* Manager::HashValues(const int num_elements, const Value* const *vals)
 }
 HashKey *key = new HashKey(data, length);
- delete data;
+ delete [] data;
 assert(position == length);
 return key;
From dc2e3d6e04ad7504989b0b377f3c2f6cb9e1a2ef Mon Sep 17 00:00:00 2001
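Review bot: The `(uint8_t)` cast on the `strtol()` result in AsciiFormatter::ParseValue still narrows a `long` with no range check, so a width field of 300 in the parsed input silently becomes 44 and -1 becomes 255 instead of reaching `parse_error`. Keeping the value wide until it is validated closes that: `long w = strtol(width_str.c_str(), &end, 10);` followed by `if ( CheckNumberError(s, end) || w < 0 || w > 255 ) goto parse_error;`, with a tighter upper bound if the field has one, which this hunk does not show. `CheckNumberError` is also still passed `s` while `end` now points into `width_str`; its body is not visible here, but if it compares `end` against the start of the string it receives, `width_str` would be the consistent argument. The function starts and ends outside the hunk.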
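Review bot: In Manager::HashValues the only check that the copy loop stayed inside `data` is `assert(position == length)`, and it runs after the buffer has been filled, passed to `HashKey` and freed; under NDEBUG it is compiled out entirely. A mismatch between the computed `length` and what the loop writes would therefore already have gone past the `new char[length]` allocation before anything notices; the loop body lies between the two Manager.cc hunks, so whether each write is bounded cannot be confirmed from here. Moving the check ahead of the `HashKey` construction and making it unconditional, for example `if ( position != length ) reporter->InternalError("HashValues length mismatch");`, would at least stop before a key built from a bad buffer is returned.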
From: Jon Siwek
Date: Thu, 29 Aug 2013 17:17:40 -0500
Subject: [PATCH 3/3] Fix global opaque val segfault, addresses BIT-1071
The opaque types need to be created before scripts are parsed.
---
 src/NetVar.cc | 14 --------------
 src/NetVar.h | 8 --------
 src/Type.h | 7 +++++++
 src/main.cc | 14 ++++++++++++++
 .../btest/Baseline/core.global_opaque_val/output | 1 +
 testing/btest/core/global_opaque_val.bro | 12 ++++++++++++
 6 files changed, 34 insertions(+), 22 deletions(-)
 create mode 100644 testing/btest/Baseline/core.global_opaque_val/output
 create mode 100644 testing/btest/core/global_opaque_val.bro
diff --git a/src/NetVar.cc b/src/NetVar.cc
index dad0547059..7a11c3f2d1 100644
--- a/src/NetVar.cc
+++ b/src/NetVar.cc
@@ -242,13 +242,6 @@ StringVal* global_hash_seed;
 bro_uint_t bits_per_uid;
-OpaqueType* md5_type;
-OpaqueType* sha1_type;
-OpaqueType* sha256_type;
-OpaqueType* entropy_type;
-OpaqueType* topk_type;
-OpaqueType* bloomfilter_type;
-
 #include "const.bif.netvar_def"
 #include "types.bif.netvar_def"
 #include "event.bif.netvar_def"
@@ -312,13 +305,6 @@ void init_general_global_var()
 global_hash_seed = opt_internal_string("global_hash_seed");
 bits_per_uid = opt_internal_unsigned("bits_per_uid");
-
- md5_type = new OpaqueType("md5");
- sha1_type = new OpaqueType("sha1");
- sha256_type = new OpaqueType("sha256");
- entropy_type = new OpaqueType("entropy");
- topk_type = new OpaqueType("topk");
- bloomfilter_type = new OpaqueType("bloomfilter");
 }
 void init_net_var()
diff --git a/src/NetVar.h b/src/NetVar.h
index aa808abb59..c30895d5d4 100644
--- a/src/NetVar.h
+++ b/src/NetVar.h
@@ -246,14 +246,6 @@ extern StringVal* global_hash_seed;
 extern bro_uint_t bits_per_uid;
-class OpaqueType;
-extern OpaqueType* md5_type;
-extern OpaqueType* sha1_type;
-extern OpaqueType* sha256_type;
-extern OpaqueType* entropy_type;
-extern OpaqueType* topk_type;
-extern OpaqueType* bloomfilter_type;
-
 // Initializes globals that don't pertain to network/event analysis.
 extern void init_general_global_var();
diff --git a/src/Type.h b/src/Type.h
index b10e249745..52fdfe5043 100644
--- a/src/Type.h
+++ b/src/Type.h
@@ -609,6 +609,13 @@ protected:
 BroType* yield_type;
 };
+extern OpaqueType* md5_type;
+extern OpaqueType* sha1_type;
+extern OpaqueType* sha256_type;
+extern OpaqueType* entropy_type;
+extern OpaqueType* topk_type;
+extern OpaqueType* bloomfilter_type;
+
 // Returns the BRO basic (non-parameterized) type with the given type.
 extern BroType* base_type(TypeTag tag);
diff --git a/src/main.cc b/src/main.cc
index 9868f62be9..bc47e21fc5 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -124,6 +124,13 @@ vector params;
 char* proc_status_file = 0;
 int snaplen = 0; // this gets set from the scripting-layer's value
+OpaqueType* md5_type = 0;
+OpaqueType* sha1_type = 0;
+OpaqueType* sha256_type = 0;
+OpaqueType* entropy_type = 0;
+OpaqueType* topk_type = 0;
+OpaqueType* bloomfilter_type = 0;
+
 extern std::list docs_generated;
 // Keep copy of command line
@@ -845,6 +852,13 @@ int main(int argc, char** argv)
 input::reader::Raw::ClassInit();
+ md5_type = new OpaqueType("md5");
+ sha1_type = new OpaqueType("sha1");
+ sha256_type = new OpaqueType("sha256");
+ entropy_type = new OpaqueType("entropy");
+ topk_type = new OpaqueType("topk");
+ bloomfilter_type = new OpaqueType("bloomfilter");
+
 // The leak-checker tends to produce some false
 // positives (memory which had already been
 // allocated before we start the checking is
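Review bot: The six `new OpaqueType(...)` assignments added to main() carry no comment saying why they sit at this point, although the commit message makes the ordering the whole fix: the types must exist before scripts are parsed. Because the pointers are now defined as `0` at file scope in the first main.cc hunk, moving this block later or parsing a script earlier would presumably bring the segfault back with nothing in the code to warn against it. I would add above the block: `// Opaque types must be created before any script is parsed; script-level globals may hold opaque values.` main() starts and ends outside the hunk.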
diff --git a/testing/btest/Baseline/core.global_opaque_val/output b/testing/btest/Baseline/core.global_opaque_val/output
new file mode 100644
index 0000000000..db604ebbf4
--- /dev/null
+++ b/testing/btest/Baseline/core.global_opaque_val/output
@@ -0,0 +1 @@
+7b0391feb2e0cd271f1cf39aafb4376f
diff --git a/testing/btest/core/global_opaque_val.bro b/testing/btest/core/global_opaque_val.bro
new file mode 100644
index 0000000000..84087d8295
--- /dev/null
+++ b/testing/btest/core/global_opaque_val.bro
@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+global test = md5_hash_init();
+
+event bro_init()
+ {
+ md5_hash_update(test, "one");
+ md5_hash_update(test, "two");
+ md5_hash_update(test, "three");
+ print md5_hash_finish(test);
+ }
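Review bot: The regression test in global_opaque_val.bro covers only the md5 opaque type, while the fix moves creation of six of them (`md5`, `sha1`, `sha256`, `entropy`, `topk`, `bloomfilter`). A script-level global initialised from each of the other init functions, for example `global test_sha1 = sha1_hash_init();`, would catch any one of them being left uninitialised or created too late in a later refactor.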