diff --git a/CHANGES b/CHANGES index 265f674115..26ce4fe4db 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,15 @@ +2.6-591 | 2019-07-11 13:29:28 -0700 + + * Fix potential thread safety issue with zeekenv util function + + Observed segfault accessing the local static std::map of zeekenv() from + a logging thread, but only in non-debug builds using Apple/Clang + compiler, not in a debug build or GCC. Don't quite get this behavior + since static local variable initialization is supposed to be thread-safe + since C++11, but moving to a global static works and is "more efficient" + anyway since there's no longer any run-time overhead. (Jon Siwek, Corelight) + 2.6-589 | 2019-07-11 13:14:52 -0700 * GH-421: fix bugs/regressions in DNP3 analyzer (Hui Lin) diff --git a/VERSION b/VERSION index 2e1ccaed09..ab6fd2fbdb 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.6-589 +2.6-591 diff --git a/src/util.cc b/src/util.cc index f2735ad29a..e7d989660b 100644 --- a/src/util.cc +++ b/src/util.cc @@ -1842,24 +1842,24 @@ void bro_strerror_r(int bro_errno, char* buf, size_t buflen) strerror_r_helper(res, buf, buflen); } +static const std::map legacy_vars = { + { "ZEEKPATH", "BROPATH" }, + { "ZEEK_PLUGIN_PATH", "BRO_PLUGIN_PATH" }, + { "ZEEK_PLUGIN_ACTIVATE", "BRO_PLUGIN_ACTIVATE" }, + { "ZEEK_PREFIXES", "BRO_PREFIXES" }, + { "ZEEK_DNS_FAKE", "BRO_DNS_FAKE" }, + { "ZEEK_SEED_FILE", "BRO_SEED_FILE" }, + { "ZEEK_LOG_SUFFIX", "BRO_LOG_SUFFIX" }, + { "ZEEK_PROFILER_FILE", "BRO_PROFILER_FILE" }, + { "ZEEK_DISABLE_ZEEKYGEN", "BRO_DISABLE_BROXYGEN" }, + { "ZEEK_DEFAULT_CONNECT_RETRY", "BRO_DEFAULT_CONNECT_RETRY" }, + { "ZEEK_BROKER_MAX_THREADS", "BRO_BROKER_MAX_THREADS" }, + { "ZEEK_DEFAULT_LISTEN_ADDRESS", "BRO_DEFAULT_LISTEN_ADDRESS" }, + { "ZEEK_DEFAULT_LISTEN_RETRY", "BRO_DEFAULT_LISTEN_RETRY" }, +}; + char* zeekenv(const char* name) { - static std::map legacy_vars = { - { "ZEEKPATH", "BROPATH" }, - { "ZEEK_PLUGIN_PATH", "BRO_PLUGIN_PATH" }, - { "ZEEK_PLUGIN_ACTIVATE", "BRO_PLUGIN_ACTIVATE" }, - { "ZEEK_PREFIXES", "BRO_PREFIXES" }, - { "ZEEK_DNS_FAKE", "BRO_DNS_FAKE" }, - { "ZEEK_SEED_FILE", "BRO_SEED_FILE" }, - { "ZEEK_LOG_SUFFIX", "BRO_LOG_SUFFIX" }, - { "ZEEK_PROFILER_FILE", "BRO_PROFILER_FILE" }, - { "ZEEK_DISABLE_ZEEKYGEN", "BRO_DISABLE_BROXYGEN" }, - { "ZEEK_DEFAULT_CONNECT_RETRY", "BRO_DEFAULT_CONNECT_RETRY" }, - { "ZEEK_BROKER_MAX_THREADS", "BRO_BROKER_MAX_THREADS" }, - { "ZEEK_DEFAULT_LISTEN_ADDRESS", "BRO_DEFAULT_LISTEN_ADDRESS" }, - { "ZEEK_DEFAULT_LISTEN_RETRY", "BRO_DEFAULT_LISTEN_RETRY" }, - }; - auto rval = getenv(name); if ( rval )