Merge remote-tracking branch 'origin/topic/awelzel/arm64-container-follow-ups-2'

* origin/topic/awelzel/arm64-container-follow-ups-2: Bump private testsuite for char handling fixes Base64: report byte as positive integer netbios_decode: use unsigned char for result analyzer/http: Do not assume char is signed cirrus: Run tests in a Debian 11 container, too
2025-10-02 14:48:21 +00:00 · 2023-02-02 18:35:02 +01:00 · 2023-02-02 18:35:02 +01:00 · b6df7773a9
commit b6df7773a9
parent 916ffd25eb bbe0a86d4a
9 changed files with 42 additions and 10 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -187,6 +187,13 @@ debian11_task:
    << : *RESOURCES_TEMPLATE
  << : *CI_TEMPLATE
 arm_debian11_task:
  arm_container:
    # Debian 11 EOL: June 2026
    dockerfile: ci/debian-11/Dockerfile
    << : *RESOURCES_TEMPLATE
  << : *CI_TEMPLATE
 debian11_static_task:
  container:
    # Just use a recent/common distro to run a static compile test.
@ -527,6 +534,10 @@ container_image_manifest_docker_builder:
    - docker tag zeek/zeek-multiarch:amd64 zeekurity/zeek-multiarch:amd64
    - ZEEK_IMAGE_REPO=zeekurity ./ci/container-images-tag-and-push.sh
  depends_on:
    # Only push out the image if all the btests succeeded and the
    # images have been built.
    - arm_debian11
    - debian11
    - arm64_container_image
    - amd64_container_image
--- a/src/Base64.cc
+++ b/src/Base64.cc
@ -184,17 +184,17 @@ int Base64Converter::Decode(int len, const char* data, int* pblen, char** pbuf)
 		if ( dlen >= len )
 			break;
-		if ( data[dlen] == '=' )
+		unsigned char c = (unsigned char)data[dlen];
 		if ( c == '=' )
 			++base64_padding;
-		int k = base64_table[(unsigned char)data[dlen]];
+		int k = base64_table[c];
 		if ( k >= 0 )
 			base64_group[base64_group_next++] = k;
 		else
 			{
 			if ( ++errored == 1 )
-				IllegalEncoding(
+				IllegalEncoding(util::fmt("character %d ignored by Base64 decoding", (int)c));
 					util::fmt("character %d ignored by Base64 decoding", (int)(data[dlen])));
 			}
 		++dlen;
--- a/src/analyzer/protocol/http/HTTP.cc
+++ b/src/analyzer/protocol/http/HTTP.cc
@ -1186,9 +1186,9 @@ const char* HTTP_Analyzer::PrefixWordMatch(const char* line, const char* end_of_
 	return line;
 	}
-static bool is_HTTP_token_char(char c)
+static bool is_HTTP_token_char(unsigned char c)
 	{
-	return c > 31 && c != 127 && // CTL per RFC 2616.
+	return c > 31 && c < 127 && // Exclude non-ascii and DEL/CTL per RFC 2616
 	       c != ' ' && c != '\t' && // Separators.
 	       c != '(' && c != ')' && c != '<' && c != '>' && c != '@' && c != ',' && c != ';' &&
 	       c != ':' && c != '\\' && c != '"' && c != '/' && c != '[' && c != ']' && c != '?' &&
--- a/src/analyzer/protocol/netbios/functions.bif
+++ b/src/analyzer/protocol/netbios/functions.bif
@ -25,7 +25,7 @@ function decode_netbios_name%(name: string%): string
 	if ( name->Len() != 32 )
 		return val_mgr->EmptyString();
-	char buf[16];
+	unsigned char buf[16];
 	const u_char* s = name->Bytes();
 	int i, j;
 	int length = 0;
@ -68,7 +68,7 @@ function decode_netbios_name%(name: string%): string
 		--length;
 		}
-	return zeek::make_intrusive<zeek::StringVal>(length, buf);
+	return zeek::make_intrusive<zeek::StringVal>(length, (const char *)buf);
 	%}
 ## Converts a NetBIOS name type to its corresponding numeric value.
--- a/testing/btest/Baseline/bifs.decode_base64_errors/out
+++ b/testing/btest/Baseline/bifs.decode_base64_errors/out
@ -0,0 +1,7 @@
 ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
 error: character 94 ignored by Base64 decoding
 error: error in decoding string ^#@!@##$!===
 error: character 237 ignored by Base64 decoding
 error: error in decoding string íîï===
 PASS
 PASS
--- a/testing/btest/Baseline/bifs.netbios-functions/out
+++ b/testing/btest/Baseline/bifs.netbios-functions/out
@ -11,3 +11,4 @@
 256, 0, 
 256, 0, 
 256, 0, 
 0, 0, 
--- a/testing/btest/bifs/decode_base64_errors.zeek
+++ b/testing/btest/bifs/decode_base64_errors.zeek
@ -0,0 +1,11 @@
 # @TEST-EXEC: zeek -b %INPUT >out 2>&1
 # @TEST-EXEC: btest-diff out
 event zeek_init()
 	{
 	local r1 = decode_base64("^#@!@##$!===");
 	print |r1| > 0 ? "FAIL" : "PASS";
 	local r2 = decode_base64("\xed\xee\xef===");
 	print |r2| > 0 ? "FAIL" : "PASS";
 	}
--- a/testing/btest/bifs/netbios-functions.zeek
+++ b/testing/btest/bifs/netbios-functions.zeek
@ -21,7 +21,9 @@ local encoded_names = vector(
 		"cacacacacacacacacacacacacacacaca", # empty
 		"abcd",                             # invalid length
 		"~jfdebfeebfacacacacacacacacacaaa", # invalid alphabet
-		"0jfdebfeebfacacacacacacacacacaaa");# invalid alphabet
+		"0jfdebfeebfacacacacacacacacacaaa", # invalid alphabet
 		"lpejldmeebfacacacacacacacacacaaa", # non-ascii stuff
 );
 for ( i in encoded_names )
 	decode_name(encoded_names[i]);
--- a/testing/external/commit-hash.zeek-testing-private
+++ b/testing/external/commit-hash.zeek-testing-private
@ -1 +1 @@
-7bbcd06c50dc5bcae3533842c302c617ac5f1852
+0bd2853c1666e89da1c262107d8be7a445078f8a
 , 0,
 , 0,
 , 0,
+, 0,
`@ -1 +1 @@`
	`7bbcd06c50dc5bcae3533842c302c617ac5f1852`	`0bd2853c1666e89da1c262107d8be7a445078f8a`