mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
bifs/parse_eftp: Prevent reporter warnings/errors on invalid input
When passing invalid IPs or an out-of range port to parse_eftp() a warning or error was generated on stderr (in addition to setting the $valid field to F). Prevent the output by adding safe-guarding and using IPAddr::ConvertString() instead.
This commit is contained in:
Arne Welzel
parent
d4a84e7442
commit
eb09662d48
3 changed files with 21 additions and 8 deletions
|
|
@ -87,12 +87,10 @@ static zeek::ValPtr parse_eftp(const char* line)
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string s(line, nptr-line); // extract IP address
|
std::string s(line, nptr-line); // extract IP address
|
||||||
zeek::IPAddr tmp(s);
|
struct in6_addr result;
|
||||||
// on error, "tmp" will have all 128 bits zero
|
good = zeek::IPAddr::ConvertString(s.c_str(), &result) ? 1 : 0;
|
||||||
if ( tmp == addr )
|
if ( good )
|
||||||
good = 0;
|
addr = zeek::IPAddr(result);
|
||||||
|
|
||||||
addr = tmp;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
line = strchr(line, delimiter);
|
line = strchr(line, delimiter);
|
||||||
|
|
@ -103,8 +101,13 @@ static zeek::ValPtr parse_eftp(const char* line)
|
||||||
port = strtol(line, &next_delim, 10);
|
port = strtol(line, &next_delim, 10);
|
||||||
if ( *next_delim != delimiter )
|
if ( *next_delim != delimiter )
|
||||||
good = 0;
|
good = 0;
|
||||||
}
|
|
||||||
|
|
||||||
|
if ( port < 0 || port > 65535 )
|
||||||
|
{
|
||||||
|
port = 0;
|
||||||
|
good = 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -2,5 +2,9 @@
|
||||||
[h=192.168.0.2, p=257/tcp, valid=T]
|
[h=192.168.0.2, p=257/tcp, valid=T]
|
||||||
[h=192.168.0.2, p=257/tcp, valid=T]
|
[h=192.168.0.2, p=257/tcp, valid=T]
|
||||||
[h=fe80::12, p=1234/tcp, valid=T]
|
[h=fe80::12, p=1234/tcp, valid=T]
|
||||||
|
[h=::, p=257/tcp, valid=F]
|
||||||
|
[h=::, p=1234/tcp, valid=F]
|
||||||
|
[h=192.168.0.2, p=0/tcp, valid=F]
|
||||||
|
[h=192.168.0.2, p=0/tcp, valid=F]
|
||||||
[h=192.168.0.2, p=257/tcp, valid=T]
|
[h=192.168.0.2, p=257/tcp, valid=T]
|
||||||
[h=::, p=1234/tcp, valid=T]
|
[h=::, p=1234/tcp, valid=T]
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
#
|
#
|
||||||
# @TEST-EXEC: zeek -b %INPUT >out
|
# @TEST-EXEC: zeek -b %INPUT >out 2>&1
|
||||||
# @TEST-EXEC: btest-diff out
|
# @TEST-EXEC: btest-diff out
|
||||||
|
|
||||||
event zeek_init()
|
event zeek_init()
|
||||||
|
|
@ -9,6 +9,12 @@ event zeek_init()
|
||||||
print parse_eftp_port("|1|192.168.0.2|257|");
|
print parse_eftp_port("|1|192.168.0.2|257|");
|
||||||
print parse_eftp_port("|2|fe80::12|1234|");
|
print parse_eftp_port("|2|fe80::12|1234|");
|
||||||
|
|
||||||
|
print parse_eftp_port("|1|192.168.0.313|257|");
|
||||||
|
print parse_eftp_port("|2|fe80::gg|1234|");
|
||||||
|
|
||||||
|
print parse_eftp_port("|1|192.168.0.2|-1|");
|
||||||
|
print parse_eftp_port("|2|192.168.0.2|131072|");
|
||||||
|
|
||||||
print parse_ftp_pasv("227 Entering Passive Mode (192,168,0,2,1,1)");
|
print parse_ftp_pasv("227 Entering Passive Mode (192,168,0,2,1,1)");
|
||||||
|
|
||||||
print parse_ftp_epsv("229 Entering Extended Passive Mode (|||1234|)");
|
print parse_ftp_epsv("229 Entering Extended Passive Mode (|||1234|)");
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue