Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix a crash when a user disables DCE_RPC and enabled SMB.

Browse source 
I wasn't accounting for analyzers being disabled and not actually
instantiating when requested.  This includes a test which
verifies there is no crash or problem when a user disables DCE_RPC.
This commit is contained in:
Seth Hall 2016-08-28 21:28:57 -04:00
parent ec0ffc5452
commit 8015e35747
2 changed files with 19 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/analyzer/protocol/smb/smb-pipe.pac
View file

@ -41,15 +41,19 @@ refine connection SMB_Conn += {
if ( fid_to_analyzer_map.count(fid) == 0 )
{
pipe_dcerpc = (analyzer::dce_rpc::DCE_RPC_Analyzer *)analyzer_mgr->InstantiateAnalyzer("DCE_RPC", bro_analyzer()->Conn());
pipe_dcerpc->SetFileID(fid);
fid_to_analyzer_map[fid] = pipe_dcerpc;
if ( pipe_dcerpc )
{
pipe_dcerpc->SetFileID(fid);
fid_to_analyzer_map[fid] = pipe_dcerpc;
}
}
else
{
pipe_dcerpc = fid_to_analyzer_map.at(fid);
}
pipe_dcerpc->DeliverStream(${pipe_data}.length(), ${pipe_data}.begin(), is_orig);
if ( pipe_dcerpc )
pipe_dcerpc->DeliverStream(${pipe_data}.length(), ${pipe_data}.begin(), is_orig);
return true;
%}