From 421639e7a7f9736155e1e06c22d8b69a15ef75cf Mon Sep 17 00:00:00 2001 From: Christian Kreibich Date: Fri, 8 Jan 2021 19:13:06 -0800 Subject: [PATCH] Explicitly don't support sets with multiple index types in input/config frameworks The input framework's Manager::IsCompatibleType() already rejected sets with multiple index types that aren't all the same (i.e. that are not pure). Pure ones (e.g. "set[addr,addr]") slipped through and could cause Zeek to segfault elsewhere in the config framework due to type comparison subtleties. Note that the ASCII reader can't read such sets anyway, so this method now rejects sets with any kind of index-type tuple. In the config framework, the script-level change handler has a risky conversion from any to set[bool], which can trigger segfaults when the underlying set's index is a type tuple. We now prevent this code path by ensuring it only applies to sets with a single index type. --- scripts/base/frameworks/config/main.zeek | 7 ++++++- src/input/Manager.cc | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/base/frameworks/config/main.zeek b/scripts/base/frameworks/config/main.zeek index e2cfb11c8a..5fe7f6eaaf 100644 --- a/scripts/base/frameworks/config/main.zeek +++ b/scripts/base/frameworks/config/main.zeek @@ -124,8 +124,13 @@ function format_value(value: any) : string { local tn = type_name(value); local part: string_vec = vector(); - if ( /^set/ in tn ) + + if ( /^set/ in tn && strstr(tn, ",") == 0 ) { + # The conversion to set here is tricky and assumes + # that the set isn't indexed via a tuple of types. + # The above check for commas in the type name + # ensures this. local it: set[bool] = value; for ( sv in it ) part += cat(sv); diff --git a/src/input/Manager.cc b/src/input/Manager.cc index 27b47491eb..e065b87566 100644 --- a/src/input/Manager.cc +++ b/src/input/Manager.cc @@ -833,7 +833,12 @@ bool Manager::IsCompatibleType(Type* t, bool atomic_only) if ( ! t->IsSet() ) return false; - return IsCompatibleType(t->AsSetType()->GetIndices()->GetPureType().get(), true); + const auto& indices = t->AsSetType()->GetIndices(); + + if ( indices->GetTypes().size() != 1 ) + return false; + + return IsCompatibleType(indices->GetPureType().get(), true); } case TYPE_VECTOR: