From 886cc7368f357c15a9cd4f24c6ccad48f111d18c Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 20 Jun 2012 14:20:06 -0400
Subject: [PATCH] Fix a bug in the SOCKS analyzer.

---
 src/socks-analyzer.pac | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/socks-analyzer.pac b/src/socks-analyzer.pac
index 0842303f40..2c3fd68e09 100644
--- a/src/socks-analyzer.pac
+++ b/src/socks-analyzer.pac
@@ -22,9 +22,11 @@ refine connection SOCKS_Conn += {
 
 	function socks4_request(request: SOCKS4_Request): bool
 		%{
-		StringVal *dstname;
+		StringVal *dstname = 0;
 		if ( ${request.v4a} )
 			dstname = array_to_string(${request.name});
+		else
+			dstname = new StringVal("");
 		
 		BifEvent::generate_socks_request(bro_analyzer(),
 		                                 bro_analyzer()->Conn(),
@@ -77,6 +79,11 @@ refine connection SOCKS_Conn += {
 				break;
 			}
 		
+		if ( ! ip_addr )
+			ip_addr = new AddrVal(uint32(0));
+		if ( ! domain_name )
+			domain_name = new StringVal("");
+		
 		BifEvent::generate_socks_request(bro_analyzer(),
 		                                 bro_analyzer()->Conn(),
 		                                 5,
@@ -113,6 +120,11 @@ refine connection SOCKS_Conn += {
 				break;
 			}
 		
+		if ( ! ip_addr )
+			ip_addr = new AddrVal(uint32(0));
+		if ( ! domain_name )
+			domain_name = new StringVal("");
+		
 		BifEvent::generate_socks_reply(bro_analyzer(),
 		                               bro_analyzer()->Conn(),
 		                               5,