Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/timw/iptunnel-coverity-findings'

Browse source 
* origin/topic/timw/iptunnel-coverity-findings:
  Fix Coverity findings from recent IPTunnel dumping changes
This commit is contained in:
Tim Wojtulewicz 2025-03-04 08:52:13 -07:00
commit a2a30f2a2b
3 changed files with 19 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
7.2.0-dev.255 | 2025-03-04 08:52:13 -0700
* Fix Coverity findings from recent IPTunnel dumping changes (Tim Wojtulewicz, Corelight)
7.2.0-dev.253 | 2025-03-04 13:38:32 +0000 7.2.0-dev.253 | 2025-03-04 13:38:32 +0000
* RDP: cookie is optional (Johanna Amann, Corelight) * RDP: cookie is optional (Johanna Amann, Corelight)

2
VERSION
View file

@ -1 +1 @@
7.2.0-dev.253 7.2.0-dev.255

24
src/packet_analysis/protocol/iptunnel/IPTunnel.cc
View file

@ -101,22 +101,24 @@ bool IPTunnelAnalyzer::ProcessEncapsulatedPacket(double t, Packet* pkt, const st
else else
data = (const u_char*)inner->IP6_Hdr(); data = (const u_char*)inner->IP6_Hdr();
auto outer = prev ? prev : std::make_shared<EncapsulationStack>(); auto outer = prev ? std::move(prev) : std::make_shared<EncapsulationStack>();
outer->Add(ec); outer->Add(ec);
// Construct fake packet containing the inner packet so it can be processed // Construct fake packet containing the inner packet so it can be processed
// like a normal one. // like a normal one.
Packet p; Packet p;
p.Init(DLT_RAW, &ts, caplen, len, data, false, ""); p.Init(DLT_RAW, &ts, caplen, len, data, false, "");
p.encap = outer; p.encap = std::move(outer);
// Forward the packet back to the IP analyzer. // Forward the packet back to the IP analyzer.
bool return_val = ForwardPacket(len, data, &p); bool return_val = ForwardPacket(len, data, &p);
// Propagate the flags from fake inner packet to outer packet // Propagate the flags from fake inner packet to outer packet
pkt->processed = p.processed; if ( pkt ) {
pkt->dump_packet = p.dump_packet; pkt->processed = p.processed;
pkt->dump_size = (p.dump_size > 0) ? static_cast<int>(data - pkt->data) + p.dump_size : p.dump_size; pkt->dump_packet = p.dump_packet;
pkt->dump_size = (p.dump_size > 0) ? static_cast<int>(data - pkt->data) + p.dump_size : p.dump_size;
}
return return_val; return return_val;
} }
@ -137,23 +139,25 @@ bool IPTunnelAnalyzer::ProcessEncapsulatedPacket(double t, Packet* pkt, uint32_t
ts.tv_usec = (suseconds_t)((run_state::network_time - (double)ts.tv_sec) * 1000000); ts.tv_usec = (suseconds_t)((run_state::network_time - (double)ts.tv_sec) * 1000000);
} }
auto outer = prev ? prev : std::make_shared<EncapsulationStack>(); auto outer = prev ? std::move(prev) : std::make_shared<EncapsulationStack>();
outer->Add(ec); outer->Add(ec);
// Construct fake packet containing the inner packet so it can be processed // Construct fake packet containing the inner packet so it can be processed
// like a normal one. // like a normal one.
Packet p; Packet p;
p.Init(link_type, &ts, caplen, len, data, false, ""); p.Init(link_type, &ts, caplen, len, data, false, "");
p.encap = outer; p.encap = std::move(outer);
// Process the packet as if it was a brand new packet by passing it back // Process the packet as if it was a brand new packet by passing it back
// to the packet manager. // to the packet manager.
bool return_val = packet_mgr->ProcessInnerPacket(&p); bool return_val = packet_mgr->ProcessInnerPacket(&p);
// Propagate the flags from fake inner packet to outer packet // Propagate the flags from fake inner packet to outer packet
pkt->processed = p.processed; if ( pkt ) {
pkt->dump_packet = p.dump_packet; pkt->processed = p.processed;
pkt->dump_size = (p.dump_size > 0) ? static_cast<int>(data - pkt->data) + p.dump_size : p.dump_size; pkt->dump_packet = p.dump_packet;
pkt->dump_size = (p.dump_size > 0) ? static_cast<int>(data - pkt->data) + p.dump_size : p.dump_size;
}
return return_val; return return_val;
} }