From d29a43fb7935c1fafff7ad9faa7a91d5767b1b94 Mon Sep 17 00:00:00 2001
From: Luke Cesarz
Date: Sun, 20 Jun 2021 07:47:19 -0700
Subject: [PATCH 1/3] Fix segfault with incomplete connection
Add required HasField check before GetFieldAs call
---
 src/Reporter.cc | 4 ++++
 src/Val.h | 12 ++++++++++++
 2 files changed, 16 insertions(+)
diff --git a/src/Reporter.cc b/src/Reporter.cc
index 39d38dcee8..4cbc371873 100644
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
@@ -380,6 +380,10 @@ bool Reporter::PermitFlowWeird(const char* name,
 bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id) {
+ if ( !conn_id.HasField("orig_h") || !conn_id.HasField("resp_h") ||
+ !conn_id.HasField("orig_p") || !conn_id.HadField("resp_p") )
+ return false;
+
 auto conn_tuple = std::make_tuple(conn_id.GetFieldAs("orig_h"), conn_id.GetFieldAs("resp_h"), conn_id.GetFieldAs("orig_p")->Port(),
diff --git a/src/Val.h b/src/Val.h
index ef04bfa206..7694532871 100644
--- a/src/Val.h
+++ b/src/Val.h
@@ -1202,6 +1202,18 @@ public:
 return (*record_val)[field] ? true : false; }
+ /**
+ * Returns true if the given field is in the record, false if
+ * it's missing.
+ * @param field The field name to retrieve.
+ * @return Whether there's a value for the given field name.
+ */
+ bool HasField(const char *field) const
+ {
+ int idx = GetType()->AsRecordType()->FieldOffset(field);
+ return HasField(idx);
+ }
+
 /** * Returns the value of a given field index. * @param field The field index to retrieve.
From 35334a7681be63db3698d360e46123b2b4eda2ae Mon Sep 17 00:00:00 2001
From: Luke Cesarz
Date: Sun, 20 Jun 2021 08:14:10 -0700
Subject: [PATCH 2/3] Fix typo
---
 src/Reporter.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Reporter.cc b/src/Reporter.cc
index 4cbc371873..9dcebeb9bc 100644
--- a/src/Reporter.cc
+++ b/src/Reporter.cc
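Review bot: The new early `return false;` at the top of `PermitExpiredConnWeird` has no comment saying how a `conn_id` can arrive with unset fields, and it leaves no trace when it fires. Going by the function name, returning false appears to mean the weird is not permitted, so an incomplete record would suppress the event silently rather than report it; that is worth confirming as the intended outcome. I would add `// conn_id may be a script-built record with unset fields; GetFieldAs must not be called on a missing field` above the check. The function body continues past the end of the hunk.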
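Review bot: `HasField(const char*)` hands the result of `FieldOffset(field)` straight to `HasField(int)` without checking it, so a name that is not part of the record type would be used as an index. The context line above suggests the integer overload evaluates `(*record_val)[field]`, and `FieldOffset` presumably returns a negative value on a miss. That would turn a helper meant to prevent a crash into an out-of-bounds read. I would change the return to `return idx >= 0 && HasField(idx);`. The copied `@param field The field name to retrieve.` would also read better as `The field name to check.`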
@@ -381,7 +381,7 @@ bool Reporter::PermitFlowWeird(const char* name,
 bool Reporter::PermitExpiredConnWeird(const char* name, const RecordVal& conn_id) { if ( !conn_id.HasField("orig_h") || !conn_id.HasField("resp_h") ||
- !conn_id.HasField("orig_p") || !conn_id.HadField("resp_p") )
+ !conn_id.HasField("orig_p") || !conn_id.HasField("resp_p") )
 return false; auto conn_tuple = std::make_tuple(conn_id.GetFieldAs("orig_h"),
From 70c9ae7de93beaf2f57eecd45c68cd96f98f2e1e Mon Sep 17 00:00:00 2001
From: Luke Cesarz
Date: Fri, 25 Jun 2021 12:10:50 -0700
Subject: [PATCH 3/3] Add btest test case
---
 testing/btest/bifs/empty_conn_weird.zeek | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 testing/btest/bifs/empty_conn_weird.zeek
diff --git a/testing/btest/bifs/empty_conn_weird.zeek b/testing/btest/bifs/empty_conn_weird.zeek
new file mode 100644
index 0000000000..eb94cf2c3f
--- /dev/null
+++ b/testing/btest/bifs/empty_conn_weird.zeek
@@ -0,0 +1,11 @@
+#
+# @TEST-EXEC: zeek -b %INPUT
+
+event zeek_init()
+{
+ local x: connection;
+ x$uid = "uid";
+
+ Reporter::conn_weird("foo", x);
+ print "done";
+}
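Review bot: The test only runs `zeek -b %INPUT` and never compares output, so the `print "done"` line is not checked against anything and the test passes whenever the process exits cleanly. Capturing the output and comparing it to a baseline, with `# @TEST-EXEC: zeek -b %INPUT >out` and `# @TEST-EXEC: btest-diff out`, would also catch a regression where the handler aborts early without crashing. A short comment stating that the record is left incomplete on purpose would help the next reader see what the case covers.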