Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Small but important fix for the input framework. BroStrings were constructed

Browse source 
without a final \0 - which means that strings read by the input framework are
unusable by basically all internal functions (like to_count).

the basic test now also checks this.

Thanks at Sheharbano for noticing this.
This commit is contained in:
Bernhard Amann 2012-10-01 13:04:40 -07:00
parent 474ab86b9c
commit 4cbf4e3caf
3 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/input/Manager.cc
View file

@ -2007,7 +2007,7 @@ Val* Manager::ValueToVal(const Value* val, BroType* request_type)
case TYPE_STRING: case TYPE_STRING:
{ {
BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 0); BroString *s = new BroString((const u_char*)val->val.string_val.data, val->val.string_val.length, 1);
return new StringVal(s); return new StringVal(s);
} }

3
testing/btest/Baseline/scripts.base.frameworks.input.basic/out
View file

@ -1,5 +1,5 @@
{ {
[-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, sc={ [-42] = [b=T, e=SSH::LOG, c=21, p=123/unknown, sn=10.0.0.0/24, a=1.2.3.4, d=3.14, t=1315801931.273616, iv=100.0, s=hurz, ns=4242, sc={
2, 2,
4, 4,
1, 1,
@ -12,3 +12,4 @@ BB
}, vc=[10, 20, 30], ve=[]] }, vc=[10, 20, 30], ve=[]]
} }
4242

8
testing/btest/scripts/base/frameworks/input/basic.bro
View file

@ -8,9 +8,9 @@
@TEST-START-FILE input.log @TEST-START-FILE input.log
#separator \x09 #separator \x09
#path ssh #path ssh
#fields b i e c p sn a d t iv s sc ss se vc ve f #fields b i e c p sn a d t iv s sc ss se vc ve ns
#types bool int enum count port subnet addr double time interval string table table table vector vector func #types bool int enum count port subnet addr double time interval string table table table vector vector string
T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY SSH::foo\x0a{ \x0aif (0 < SSH::i) \x0a\x09return (Foo);\x0aelse\x0a\x09return (Bar);\x0a\x0a} T -42 SSH::LOG 21 123 10.0.0.0/24 1.2.3.4 3.14 1315801931.273616 100.000000 hurz 2,4,1,3 CC,AA,BB EMPTY 10,20,30 EMPTY 4242
@TEST-END-FILE @TEST-END-FILE
@load base/protocols/ssh @load base/protocols/ssh
@ -37,6 +37,7 @@ type Val: record {
t: time; t: time;
iv: interval; iv: interval;
s: string; s: string;
ns: string;
sc: set[count]; sc: set[count];
ss: set[string]; ss: set[string];
se: set[string]; se: set[string];
@ -57,6 +58,7 @@ event bro_init()
event Input::update_finished(name: string, source:string) event Input::update_finished(name: string, source:string)
{ {
print outfile, servers; print outfile, servers;
print outfile, to_count(servers[-42]$ns); # try to actually use a string. If null-termination is wrong this will fail.
close(outfile); close(outfile);
terminate(); terminate();
} }