diff --git a/src/analyzer/protocol/irc/IRC.cc b/src/analyzer/protocol/irc/IRC.cc index a69674eb50..a46bbb93d6 100644 --- a/src/analyzer/protocol/irc/IRC.cc +++ b/src/analyzer/protocol/irc/IRC.cc @@ -252,14 +252,15 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) { vector parts = SplitWords(params, ' '); - // Remove nick name. - parts.erase(parts.begin()); - if ( parts.size() < 2 ) + if ( parts.size() < 3 ) { Weird("irc_invalid_names_line"); return; } + // Remove nick name. + parts.erase(parts.begin()); + string type = parts[0]; string channel = parts[1]; diff --git a/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log b/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log new file mode 100644 index 0000000000..908df6470e --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.irc.names-weird/weird.log @@ -0,0 +1,10 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open 2018-09-13-00-31-10 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1536797872.428637 ClEkJM2Vm5giqnMf4h 127.0.0.1 65389 127.0.0.1 6666 irc_invalid_names_line - F bro +#close 2018-09-13-00-31-10 diff --git a/testing/btest/Traces/irc-353.pcap b/testing/btest/Traces/irc-353.pcap new file mode 100644 index 0000000000..61d12bffab Binary files /dev/null and b/testing/btest/Traces/irc-353.pcap differ diff --git a/testing/btest/scripts/base/protocols/irc/names-weird.bro b/testing/btest/scripts/base/protocols/irc/names-weird.bro new file mode 100644 index 0000000000..33124416f6 --- /dev/null +++ b/testing/btest/scripts/base/protocols/irc/names-weird.bro @@ -0,0 +1,7 @@ +# @TEST-EXEC: bro -C -r $TRACES/irc-353.pcap %INPUT +# @TEST-EXEC: btest-diff weird.log + +event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set) + { + print channel, users; + }