Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

GH-378: check validity of missing 'val' field in Input::add_table

Browse source 
It's only allowed to be missing when the 'destination' field is a
"set" type, but not for a "table" type.

Fixes GH-378
This commit is contained in:
Jon Siwek 2019-05-24 10:23:20 -07:00
parent 88278214a9
commit d886f40728
5 changed files with 20 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,4 +1,8 @@
2.6-336 | 2019-05-24 10:23:20 -0700
* GH-378: check validity of missing 'val' field in Input::add_table (Jon Siwek, Corelight)
2.6-335 | 2019-05-24 08:58:59 -0700
* Fix memory leak when no protocol_violation event handler exists (Jon Siwek, Corelight)

2
VERSION
View file

@ -1 +1 @@
2.6-335
2.6-336

12
src/input/Manager.cc
View file

@ -547,6 +547,7 @@ bool Manager::CreateTableStream(RecordVal* fval)
Val *want_record = fval->Lookup("want_record", true);
if ( val )
{
const BroType* table_yield = dst->Type()->AsTableType()->YieldType();
const BroType* compare_type = val;
@ -565,6 +566,17 @@ bool Manager::CreateTableStream(RecordVal* fval)
return false;
}
}
else
{
if ( ! dst->Type()->IsSet() )
{
reporter->Error("Input stream %s: 'destination' field is a table,"
" but 'val' field is not provided"
" (did you mean to use a set instead of a table?)",
stream_name.c_str());
return false;
}
}
Val* event_val = fval->Lookup("ev", true);
Func* event = event_val ? event_val->AsFunc() : 0;

1
testing/btest/Baseline/scripts.base.frameworks.input.errors/.stderr
View file

@ -38,4 +38,5 @@ error: Input stream error2: Error event's first attribute must be of type Input:
error: Input stream error3: Error event's first attribute must be of type Input::EventDescription
error: Input stream error4: Error event's second attribute must be of type string
error: Input stream error5: Error event's third attribute must be of type Reporter::Level
error: Input stream error6: 'destination' field is a table, but 'val' field is not provided (did you mean to use a set instead of a table?)
received termination signal

2
testing/btest/scripts/base/frameworks/input/errors.zeek
View file

@ -188,5 +188,7 @@ event zeek_init()
Input::add_event([$source="input.log", $name="error4", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler4]);
Input::add_event([$source="input.log", $name="error5", $fields=Val, $ev=event11, $want_record=T, $error_ev=errorhandler5]);
Input::add_table([$source="input.log", $name="error6", $idx=Idx, $destination=val_table]);
schedule 3secs { kill_me() };
}