From 93c201df576b7a8722dab3de2af2f23772e3f5e1 Mon Sep 17 00:00:00 2001 From: Benjamin Bannier Date: Mon, 4 Nov 2024 16:15:09 +0100 Subject: [PATCH] Fix potential nullptr deref in Spicy plugin runtime If we added a file but the other side of the connection had already run into a protocol violation and shut down we could previously have dereferenced a null cookie. This patch fixes the code so it now throws in such scenarios. --- src/spicy/runtime-support.cc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/spicy/runtime-support.cc b/src/spicy/runtime-support.cc index c4c582dca3..c5d36e0b30 100644 --- a/src/spicy/runtime-support.cc +++ b/src/spicy/runtime-support.cc @@ -285,12 +285,14 @@ void rt::debug(const Cookie& cookie, const std::string& msg) { inline rt::cookie::FileStateStack* _file_state_stack(rt::Cookie* cookie) { auto _ = hilti::rt::profiler::start("zeek/rt/file_state_stack"); - if ( auto c = cookie->protocol ) - return c->is_orig ? &c->fstate_orig : &c->fstate_resp; - else if ( auto f = cookie->file ) - return &f->fstate; - else - throw rt::ValueUnavailable("no current connection or file available"); + if ( cookie ) { + if ( auto c = cookie->protocol ) + return c->is_orig ? &c->fstate_orig : &c->fstate_resp; + else if ( auto f = cookie->file ) + return &f->fstate; + } + + throw rt::ValueUnavailable("no current connection or file available"); } inline const rt::cookie::FileState* _file_state(rt::Cookie* cookie, std::optional fid) {