From 846237a280e2fd0fc9483b7c7e956b2120ba8a15 Mon Sep 17 00:00:00 2001 From: Seth Hall Date: Mon, 6 Dec 2010 15:43:32 -0500 Subject: [PATCH 1/4] Applied Gregor's patch from ticket #247 to fix compile time errors with OpenSSL support. --- src/X509.cc | 6 +++--- src/ssl-analyzer.pac | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/X509.cc b/src/X509.cc index c8975cc581..9de73d2a9d 100644 --- a/src/X509.cc +++ b/src/X509.cc @@ -192,7 +192,7 @@ int X509_Cert::verifyChain(Contents_SSL* e, const u_char* data, uint32 len) // but in chain format). // Init the stack. - STACK_OF(X509)* untrustedCerts = sk_new_null(); + STACK_OF(X509)* untrustedCerts = sk_X509_new_null(); if ( ! untrustedCerts ) { // Internal error allocating stack of untrusted certs. @@ -233,7 +233,7 @@ int X509_Cert::verifyChain(Contents_SSL* e, const u_char* data, uint32 len) else // The remaining certificates (if any) are put into // the list of untrusted certificates - sk_push(untrustedCerts, (char*) pTemp); + sk_X509_push(untrustedCerts, pTemp); tempLength += certLength + 3; } @@ -259,7 +259,7 @@ int X509_Cert::verifyChain(Contents_SSL* e, const u_char* data, uint32 len) // Free the stack, incuding. contents. // FIXME: could this break Bro's memory tracking? - sk_pop_free(untrustedCerts, free); + sk_X509_pop_free(untrustedCerts, X509_free); return ret; } diff --git a/src/ssl-analyzer.pac b/src/ssl-analyzer.pac index d08be0c886..78baecc5cc 100644 --- a/src/ssl-analyzer.pac +++ b/src/ssl-analyzer.pac @@ -370,7 +370,7 @@ refine analyzer SSLAnalyzer += { STACK_OF(X509)* untrusted_certs = 0; if ( certificates->size() > 1 ) { - untrusted_certs = sk_new_null(); + untrusted_certs = sk_X509_new_null(); if ( ! untrusted_certs ) { // X509_V_ERR_OUT_OF_MEM; @@ -393,7 +393,7 @@ refine analyzer SSLAnalyzer += { return false; } - sk_push(untrusted_certs, (char*) pTemp); + sk_X509_push(untrusted_certs, pTemp); } } 
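Review bot: The return value of `sk_X509_push(untrustedCerts, pTemp)` in the `@@ -233` hunk of src/X509.cc is ignored, so a failed push (the call returns 0 when the stack cannot grow) leaks `pTemp` and leaves that certificate out of the untrusted stack that is presumably handed to chain verification. Check the result and release the certificate on failure, for example `if ( ! sk_X509_push(untrustedCerts, pTemp) ) { X509_free(pTemp); /* fail as for the stack allocation error */ }`. The same unchecked call is added in src/ssl-analyzer.pac (`sk_X509_push(untrusted_certs, pTemp);` in the `@@ -393` hunk). Both functions start and end outside these hunks, so the exact error path to reuse is not visible here.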
@@ -405,7 +405,7 @@ refine analyzer SSLAnalyzer += { certificate_error(csc.error); X509_STORE_CTX_cleanup(&csc); - sk_pop_free(untrusted_certs, free_X509); + sk_X509_pop_free(untrusted_certs, X509_free); } X509_free(pCert); From dc5d3560f7e612229ed976c2125171ace5cef958 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 8 Dec 2010 04:10:26 -0800 Subject: [PATCH 2/4] Merge with Subversion repository as of r7137. Incorporated change: * Fix for packet processing resumption when a remote Bro dies during state synchronization (Robin Sommer). --- CHANGES | 7 +++++++ VERSION | 2 +- src/RemoteSerializer.cc | 16 ++++++++++++++-- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index e09ccccab3..f2f271e141 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,13 @@ -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +1.6-dev.3 Wed Dec 8 04:09:38 PST 2010 + +- Merge with Subversion repository as of r7137. Incorporated change: + + * Fix for packet processing resumption when a remote Bro dies + during state synchronization (Robin Sommer). + 1.6-dev.2 Wed Dec 8 03:57:03 PST 2010 - Compatibility fix for OpenSSL 1.0.0 (Christian Kreibich, Gregor diff --git a/VERSION b/VERSION index 145483ad7b..c83f86baee 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.6-dev.2 +1.6-dev.3 diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 8577435502..a9329cc9cb 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -681,7 +681,7 @@ bool RemoteSerializer::CloseConnection(Peer* peer) if ( peer->suspended_processing ) { net_continue_processing(); - current_peer->suspended_processing = false; + peer->suspended_processing = false; } if ( peer->state == Peer::CLOSING ) 
@@ -1606,6 +1606,12 @@ void RemoteSerializer::PeerDisconnected(Peer* peer) { assert(peer); + if ( peer->suspended_processing ) + { + net_continue_processing(); + peer->suspended_processing = false; + } + if ( peer->state == Peer::CLOSED || peer->state == Peer::INIT ) return; @@ -1736,6 +1742,12 @@ void RemoteSerializer::UnregisterHandlers(Peer* peer) void RemoteSerializer::RemovePeer(Peer* peer) { + if ( peer->suspended_processing ) + { + net_continue_processing(); + peer->suspended_processing = false; + } + peers.remove(peer); UnregisterHandlers(peer); @@ -2933,7 +2945,7 @@ void SocketComm::Run() struct timeval small_timeout; small_timeout.tv_sec = 0; small_timeout.tv_usec = - io->CanWrite() || io->CanRead() ? 10 : 10000; + io->CanWrite() || io->CanRead() ? 1 : 10; int a = select(max_fd + 1, &fd_read, &fd_write, &fd_except, &small_timeout); From c6631d148362aab0c6fd1f0e6a4db0874f0f3ffe Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 8 Dec 2010 04:46:10 -0800 Subject: [PATCH 3/4] Reversing the null-byte change to strings.bif once more. I'm actually not sure how that got back in again, but it did ... Must have been during the merges. --- src/strings.bif | 180 +++++++++++++++++++++++++++--------------------- 1 file changed, 101 insertions(+), 79 deletions(-) diff --git a/src/strings.bif b/src/strings.bif index 6044813476..44b0c57eb6 100644 --- a/src/strings.bif +++ b/src/strings.bif 
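Review bot: The block `if ( peer->suspended_processing ) { net_continue_processing(); peer->suspended_processing = false; }` added at the top of PeerDisconnected now exists in three places: CloseConnection, PeerDisconnected and RemovePeer (the `@@ -1736` hunk). The `@@ -681` hunk of this same patch repairs a copy of it that had drifted to `current_peer`, so one private helper taking the `Peer*` would keep the flag reset and the resume call together and stop the copies diverging again. Whichever form is kept, a comment such as `// Resume packet processing if this peer had suspended it, so a peer that dies mid-sync cannot leave us stalled.` would record why the check comes before the state test. PeerDisconnected and RemovePeer continue outside their hunks.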
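Review bot: The select() timeout in SocketComm::Run drops from 10000 to 10 microseconds on the idle branch (`io->CanWrite() || io->CanRead() ? 1 : 10`), a change the commit message does not mention and one that makes the loop wake about a thousand times more often when there is nothing to read or write. If it is intentional for latency, give the two values names and state the unit and the reason in a comment, e.g. `// usec; short idle timeout so that a resumed peer is serviced promptly`. If it is a debugging value carried over in the merge, restore the previous `10 : 10000`. The loop around this select() lies outside the hunk, so whether anything else bounds the wake-up rate cannot be seen here.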
@@ -138,27 +138,27 @@ function sort_string_array%(a: string_array%): string_array function edit%(arg_s: string, arg_edit_char: string%): string %{ - if ( arg_edit_char->Len() != 1 ) + const char* s = arg_s->AsString()->CheckString(); + const char* edit_s = arg_edit_char->AsString()->CheckString(); + + if ( strlen(edit_s) != 1 ) builtin_run_time("not exactly one edit character", @ARG@[1]); - - const u_char* s = arg_s->Bytes(); - const u_char* edit_s = arg_edit_char->Bytes(); - u_char edit_c = *edit_s; + char edit_c = *edit_s; - int n = arg_s->Len(); - u_char* new_s = new u_char[n+1]; + int n = strlen(s) + 1; + char* new_s = new char[n]; int ind = 0; - for ( int i=0; iAsString(); TableVal* a = new TableVal(internal_type("string_array")->AsTableType()); ListVal* other_strings = 0; 
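Review bot: edit() now sizes both arguments with `strlen()` on the pointer returned by `CheckString()` instead of using `Len()`/`Bytes()`, so what the function returns for input with an embedded NUL depends entirely on CheckString(), which is not visible here. These BIFs are routinely applied to strings taken from network traffic, so the comment above each function should state that behaviour, or a script author may assume the whole byte string was processed. Something like `# Operates on the C-string form of the input; see CheckString() for how embedded NULs are handled.` would do. The same applies to the other functions this patch reverts (do_split, to_lower, to_upper, strip, string_fill, str_shell_escape). The rest of this hunk is damaged on this page, so the loop body could not be reviewed.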
@@ -208,54 +209,66 @@ Val* do_split(StringVal* str_val, RE_Matcher* re, TableVal* other_sep, // the future we expect to change this by giving RE_Matcher a // const char* segment. - const u_char* s = str_val->Bytes(); - int n = str_val->Len(); - const u_char* end_of_s = s + n; + const char* s = str->CheckString(); + int len = strlen(s); + const char* end_of_s = s + len; int num = 0; int num_sep = 0; - - int offset = 0; - while ( n > 0 ) + while ( 1 ) { - offset = 0; - // Find next match offset. - int end_of_match; - while ( n > 0 && - (end_of_match = re->MatchPrefix(&s[offset], n)) <= 0 ) + int offset = 0; + const char* t; + + if ( max_num_sep > 0 && num_sep >= max_num_sep ) + t = end_of_s; + else { - // Move on to next character. - ++offset; - --n; + for ( t = s; t < end_of_s; ++t ) + { + offset = re->MatchPrefix(t); + + if ( other_strings ) + { + val_list* vl = other_strings->Vals(); + loop_over_list(*vl, i) + { + const BroString* sub = + (*vl)[i]->AsString(); + if ( sub->Len() > offset && + match_prefix(end_of_s - t, + t, sub->Len(), + (const char*) (sub->Bytes())) ) + { + offset = sub->Len(); + } + } + } + + if ( offset > 0 ) + break; + } } - + Val* ind = new Val(++num, TYPE_COUNT); - a->Assign(ind, new StringVal(offset, (const char*) s)); + a->Assign(ind, new StringVal(t - s, s)); Unref(ind); - // No more separators will be needed if this is the end of string. - if ( n <= 0 ) + if ( t >= end_of_s ) break; + ++num_sep; + if ( incl_sep ) { // including the part that matches the pattern ind = new Val(++num, TYPE_COUNT); - a->Assign(ind, new StringVal(end_of_match, (const char*) s+offset)); + a->Assign(ind, new StringVal(offset, t)); Unref(ind); } - - ++num_sep; - if ( max_num_sep && num_sep >= max_num_sep ) - break; - - offset += end_of_match; - n -= end_of_match; - s += offset; - + + s = t + offset; if ( s > end_of_s ) - { internal_error("RegMatch in split goes beyond the string"); - } } if ( other_strings ) 
@@ -463,38 +476,42 @@ function subst_string%(s: string, from: string, to: string%): string function to_lower%(str: string%): string %{ - const u_char* s = str->Bytes(); - int n = str->Len(); + const char* s = str->CheckString(); + int n = strlen(s) + 1; char* lower_s = new char[n]; - char* ls = lower_s; - for (int i=0; iBytes(); - int n = str->Len(); + const char* s = str->CheckString(); + int n = strlen(s) + 1; char* upper_s = new char[n]; - char* us = upper_s; - - for (int i=0; iBytes(); - int n = str->Len(); + const char* s = str->CheckString(); - if ( n == 0 ) + int n = strlen(s) + 1; + char* strip_s = new char[n]; + + if ( n == 1 ) // Empty string. - return new StringVal(new BroString(s, n, 1)); + return new StringVal(new BroString(1, byte_vec(strip_s), 0)); - const u_char* sp = s; - // Move a pointer to the end of the string - const u_char* e = &sp[n-1]; - while ( e > sp && isspace(*e) ) + while ( isspace(*s) ) + ++s; + + strncpy(strip_s, s, n); + + char* s2 = strip_s; + char* e = &s2[strlen(s2) - 1]; + + while ( e > s2 && isspace(*e) ) --e; - // Move the pointer for the beginning of the string - while ( isspace(*sp) ) - ++sp; + e[1] = '\0'; // safe even if e hasn't changed, due to n = strlen + 1 - return new StringVal(new BroString(sp, e-sp+1, 1)); + return new StringVal(new BroString(1, byte_vec(s2), (e-s2)+1)); %} function string_fill%(len: int, source: string%): string %{ - const u_char* src = source->Bytes(); - int n = source->Len(); + const char* src = source->CheckString(); + + int sn = strlen(src); char* dst = new char[len]; - for ( int i = 0; i < len; i += n ) - ::memcpy((dst + i), src, min(n, len - i)); + for ( int i = 0; i < len; i += sn ) + ::memcpy((dst + i), src, min(sn, len - i)); dst[len - 1] = 0; 
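Review bot: In string_fill, `for ( int i = 0; i < len; i += sn )` never advances when `sn` is 0 (an empty `source`), and `dst[len - 1] = 0` writes before the buffer when `len` is 0 or negative, while `new char[len]` is handed a negative size. Neither case is rejected in the lines shown. A guard before the allocation, such as `if ( len <= 0 || sn == 0 )` followed by a `builtin_run_time(...)` report as edit() does and an early return, closes both. Separately, strip() now calls `isspace(*s)` and `isspace(*e)` on plain `char`, which is undefined for bytes of 0x80 and above where `char` is signed, so `isspace((unsigned char) *s)` is the safe form. string_fill's return statement lies outside the hunk.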
@@ -627,12 +650,11 @@ function string_fill%(len: int, source: string%): string # function str_shell_escape%(source: string%): string %{ - uint j = 0; - const u_char* src = source->Bytes(); - uint n = source->Len(); - byte_vec dst = new u_char[n * 2 + 1]; + unsigned j = 0; + const char* src = source->CheckString(); + char* dst = new char[strlen(src) * 2 + 1]; - for ( uint i = 0; i < n; ++i ) + for ( unsigned i = 0; i < strlen(src); ++i ) { switch ( src[i] ) { case '`': case '"': case '\\': case '$': @@ -650,7 +672,7 @@ function str_shell_escape%(source: string%): string } dst[j] = '\0'; - return new StringVal(new BroString(1, dst, j)); + return new StringVal(new BroString(1, byte_vec(dst), j)); %} # Returns all occurrences of the given pattern in the given string (an empty From a5890e304ac47393bbb32338600383f9d976a275 Mon Sep 17 00:00:00 2001 From: Robin Sommer Date: Wed, 8 Dec 2010 04:48:38 -0800 Subject: [PATCH 4/4] Updating modules. --- aux/binpac | 2 +- aux/bro-aux | 2 +- aux/broccoli | 2 +- aux/broctl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/aux/binpac b/aux/binpac index 2873ac642e..c3c7ef0dfd 160000 --- a/aux/binpac +++ b/aux/binpac @@ -1 +1 @@ -Subproject commit 2873ac642e2780cbbba3c0882423a75ca3350534 +Subproject commit c3c7ef0dfddb0746d3762e41086ba42928e68483 diff --git a/aux/bro-aux b/aux/bro-aux index 0a946b4d66..98f92eeb40 160000 --- a/aux/bro-aux +++ b/aux/bro-aux @@ -1 +1 @@ -Subproject commit 0a946b4d660fda37a868bb01974211df9cd48ac7 +Subproject commit 98f92eeb40281045159097764abddc428fb49bf2 diff --git a/aux/broccoli b/aux/broccoli index 845c33c8d5..330cde879b 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit 845c33c8d57f7ca2b12323534ffed2645ea2563f +Subproject commit 330cde879b51a88455a4f126cc65b21fb16f5420 diff --git a/aux/broctl b/aux/broctl index 095e6e070f..0b8ecaec36 160000 --- a/aux/broctl +++ b/aux/broctl 
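Review bot: The loop in str_shell_escape re-evaluates `strlen(src)` in its condition on every iteration (`for ( unsigned i = 0; i < strlen(src); ++i )`), which is quadratic in the input length for a function that is typically fed externally derived strings. Compute the length once with `const size_t n = strlen(src);` and use `n` for both the `new char[n * 2 + 1]` allocation and the loop bound. The visible case list escapes only the backtick, `"`, `\` and `$`, so the result is safe only when the caller places it inside double quotes. The comment above the function is cut off by the hunk, so if it does not already say this, add `# The result must be placed inside double quotes; other shell metacharacters are not escaped.`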
@@ -1 +1 @@
-Subproject commit 095e6e070f5cd2ac634ceb65c4fe2633a5551902
+Subproject commit 0b8ecaec3652ed2ea2bd7580062eabe5a1e051d1