From 4f9cb6912a1d4f04e4a295a4b7455607ea902c95 Mon Sep 17 00:00:00 2001
From: Robin Sommer <robin@icir.org>
Date: Mon, 23 May 2016 12:45:23 -0700
Subject: [PATCH] Fix for a table refering to a expire function that's not
 defined.

I was hoping to report this right at startup through a static check
but turns out we don't have the right machinery in place for that.
That would need to be done after the AST has been finalized, but our
AST traversal code can't iterate over types. So instead I've changed
this so that it's still being reported at runtime but at least
doesn't crash Bro anymore.

Closes BIT-1597.
---
 CHANGES                                       |  5 +++
 VERSION                                       |  2 +-
 src/Val.cc                                    | 17 +++++++-
 .../language.expire-func-undef/output         | 20 ++++++++++
 testing/btest/language/expire-func-undef.bro  | 40 +++++++++++++++++++
 5 files changed, 82 insertions(+), 2 deletions(-)
 create mode 100644 testing/btest/Baseline/language.expire-func-undef/output
 create mode 100644 testing/btest/language/expire-func-undef.bro

diff --git a/CHANGES b/CHANGES
index abbbcb6ff9..655a1419d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
 
+2.4-572 | 2016-05-23 12:45:23 -0700
+
+  * Fix for a table refering to a expire function that's not defined.
+    Addresses BIT-1597. (Robin Sommer)
+
 2.4-571 | 2016-05-23 08:26:43 -0700
 
   * Fixing a few Coverity warnings. (Robin Sommer)
diff --git a/VERSION b/VERSION
index b15074dfd9..bd4866e283 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4-571
+2.4-572
diff --git a/src/Val.cc b/src/Val.cc
index f008c63787..6b63922575 100644
--- a/src/Val.cc
+++ b/src/Val.cc
@@ -2285,8 +2285,23 @@ double TableVal::CallExpireFunc(Val* idx)
 
 	try
 		{
-		Val* vs = expire_expr->Eval(0)->AsFunc()->Call(vl);
+		Val* vf = expire_expr->Eval(0);
+
+		if ( ! vf )
+			// Will have been reported already.
+			return 0;
+
+		if ( vf->Type()->Tag() != TYPE_FUNC )
+			{
+			Unref(vf);
+			vf->Error("not a function");
+			return 0;
+			}
+
+		Val* vs = vf->AsFunc()->Call(vl);
 		secs = vs->AsInterval();
+
+		Unref(vf);
 		Unref(vs);
 		delete vl;
 		}
diff --git a/testing/btest/Baseline/language.expire-func-undef/output b/testing/btest/Baseline/language.expire-func-undef/output
new file mode 100644
index 0000000000..05b71a9908
--- /dev/null
+++ b/testing/btest/Baseline/language.expire-func-undef/output
@@ -0,0 +1,20 @@
+1299470395.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299470405.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299473995.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299474005.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299477595.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299477605.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299481195.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299481205.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299484795.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299484805.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299488395.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299488405.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299491995.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299492005.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299495595.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299495605.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299499195.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299499205.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+1299502795.000000 error in /home/robin/bro/master/testing/btest/.tmp/language.expire-func-undef/expire-func-undef.bro, line 12: value used but not set (segfault::scan_summary)
+orig: 10.0.0.2: peers: {\x0a\x0910.0.0.3\x0a}
diff --git a/testing/btest/language/expire-func-undef.bro b/testing/btest/language/expire-func-undef.bro
new file mode 100644
index 0000000000..1184cd2bf2
--- /dev/null
+++ b/testing/btest/language/expire-func-undef.bro
@@ -0,0 +1,40 @@
+# @TEST-EXEC: bro -r $TRACES/rotation.trace -b %INPUT >output 2>&1
+# @TEST-EXEC: btest-diff output
+
+module segfault; 
+
+export {
+
+        global scan_summary:
+                function(t: table[addr] of set[addr], orig: addr): interval;
+
+        global distinct_peers: table[addr] of set[addr]
+                &read_expire = 7 secs &expire_func=scan_summary &redef;
+
+} 
+
+
+event new_connection(c: connection)
+{ 
+
+	local orig = c$id$orig_h ;
+	local resp = c$id$resp_h ; 
+
+
+	if (orig !in distinct_peers)
+		distinct_peers[orig]=set(); 
+	
+	if (resp !in distinct_peers[orig]) 
+		add distinct_peers[orig][resp]; 
+
+} 
+
+event bro_done()
+{
+
+	for (o in distinct_peers)
+	{ 
+		print fmt("orig: %s: peers: %s", o, distinct_peers[o]); 
+	} 
+
+}