diff --git a/CHANGES b/CHANGES
index ddd4cd0f1d..187c0b0ecc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
+2.4-117 | 2015-08-30 22:16:24 -0700
+
+ * Fix initialization of a pointer in RDP analyzer. (Daniel
+ Thayer/Robin Sommer)
+
 2.4-115 | 2015-08-30 21:57:35 -0700
 * Enable Bro to leverage packet fanout mode on Linux. (Kris
diff --git a/VERSION b/VERSION
index 8a586d4dd2..eb8f6706b2 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4-115
+2.4-117
diff --git a/src/ConvertUTF.h b/src/ConvertUTF.h
index 9be51e57f1..4eb7900e9f 100644
--- a/src/ConvertUTF.h
+++ b/src/ConvertUTF.h
@@ -91,6 +91,8 @@ targetEnd. Note: the end pointers are *after* the last item: e.g.
 *(sourceEnd - 1) is the last item.
+ !!! NOTE: The source and end pointers must be aligned properly !!!
+
 The return result indicates whether the conversion was successful,
 and if not, whether the problem was in the source or target buffers.
 (Only the first encountered problem is indicated.)
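Review bot: The added note says the pointers "must be aligned properly" without saying to what, and it names only the source side, while ConvertUTF16toUTF32 and ConvertUTF32toUTF16 also write through UTF32*/UTF16* target pointers that presumably carry the same requirement. I'd make the contract concrete here and in the four per-function notes of the next hunk (@@ -199): `NOTE: sourceStart/sourceEnd, and any UTF16*/UTF32* target pointers, must be aligned to alignof(UTF16)/alignof(UTF32); data taken straight from a byte stream must be copied into a suitably aligned buffer first.` Stating the alignment unit and covering both sides is what lets the next caller of these routines avoid the bug the RDP analyzer change in this commit is fixing.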
@@ -199,18 +201,22 @@ ConversionResult ConvertUTF8toUTF32(
 const UTF8** sourceStart, const UTF8* sourceEnd,
 UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags);
+/* NOTE: The source and end pointers must be aligned properly. */
 ConversionResult ConvertUTF16toUTF8 (
 const UTF16** sourceStart, const UTF16* sourceEnd,
 UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags);
+/* NOTE: The source and end pointers must be aligned properly. */
 ConversionResult ConvertUTF32toUTF8 (
 const UTF32** sourceStart, const UTF32* sourceEnd,
 UTF8** targetStart, UTF8* targetEnd, ConversionFlags flags);
+/* NOTE: The source and end pointers must be aligned properly. */
 ConversionResult ConvertUTF16toUTF32 (
 const UTF16** sourceStart, const UTF16* sourceEnd,
 UTF32** targetStart, UTF32* targetEnd, ConversionFlags flags);
+/* NOTE: The source and end pointers must be aligned properly. */
 ConversionResult ConvertUTF32toUTF16 (
 const UTF32** sourceStart, const UTF32* sourceEnd,
 UTF16** targetStart, UTF16* targetEnd, ConversionFlags flags);
diff --git a/src/analyzer/protocol/rdp/rdp-analyzer.pac b/src/analyzer/protocol/rdp/rdp-analyzer.pac
index a70d55fb7b..c70f87460e 100644
--- a/src/analyzer/protocol/rdp/rdp-analyzer.pac
+++ b/src/analyzer/protocol/rdp/rdp-analyzer.pac
@@ -9,9 +9,8 @@ refine flow RDP_Flow += {
 function utf16_to_utf8_val(utf16: bytestring): StringVal
 %{
 std::string resultstring;
- size_t widesize = utf16.length();
- size_t utf8size = 3 * widesize + 1;
+ size_t utf8size = (3 * utf16.length() + 1);
 if ( utf8size > resultstring.max_size() )
 {
@@ -20,8 +19,16 @@ refine flow RDP_Flow += {
 }
 resultstring.resize(utf8size, '\0');
- const UTF16* sourcestart = reinterpret_cast(utf16.begin());
- const UTF16* sourceend = sourcestart + widesize;
+
+ // We can't assume that the string data is properly aligned
+ // here, so make a copy.
+ UTF16 utf16_copy[utf16.length()]; // Twice as much memory than necessary.
+ memcpy(utf16_copy, utf16.begin(), utf16.length());
+
+ char* utf16_copy_end = reinterpret_cast(utf16_copy) + utf16.length();
+ const UTF16* sourcestart = utf16_copy;
+ const UTF16* sourceend = reinterpret_cast(utf16_copy_end);
+
 UTF8* targetstart = reinterpret_cast(&resultstring[0]);
 UTF8* targetend = targetstart + utf8size;
@@ -37,6 +44,7 @@ refine flow RDP_Flow += {
 }
 *targetstart = 0;
+ // We're relying on no nulls being in the string.
 return new StringVal(resultstring.c_str());
 %}
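Review bot: `UTF16 utf16_copy[utf16.length()];` is a variable-length array whose size comes straight from the RDP stream, so the stack frame grows with whatever length the peer sends; VLAs are also not standard C++, and a zero-length one is undefined. I'd move the copy to the heap and size it in code units, which also removes the 2x over-allocation the comment acknowledges, while keeping the end pointer computed in bytes so behaviour is otherwise unchanged. Whether an odd `utf16.length()` can reach this function is not visible in the hunk; if it can, the trailing byte forms a partial code unit and is worth rejecting explicitly rather than converting. utf16_to_utf8_val begins before and ends after this hunk, and `std::vector` needs `<vector>` in the pac's includes if it is not already there.
```cpp
		// We can't assume that the string data is properly aligned
		// here, so make a copy. Heap-allocated and sized in code units
		// (rounded up) so the frame size does not depend on the
		// peer-supplied length.
		std::vector<UTF16> utf16_copy((utf16.length() + 1) / 2);
		memcpy(utf16_copy.data(), utf16.begin(), utf16.length());

		const char* utf16_copy_end = reinterpret_cast<const char*>(utf16_copy.data()) + utf16.length();
		const UTF16* sourcestart = utf16_copy.data();
		const UTF16* sourceend = reinterpret_cast<const UTF16*>(utf16_copy_end);
		// … unchanged: targetstart/targetend setup …
```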
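Review bot: `return new StringVal(resultstring.c_str());` truncates at the first NUL, and the added comment records that rather than removing it: a U+0000 code unit in peer-supplied UTF-16 silently drops the rest of the converted string, and resultstring is otherwise padded with '\0' up to utf8size. Since `*targetstart = 0;` writes the terminator at targetstart, the pointer already marks the end of the converted output (assuming the conversion call between the two hunks advances it as the ConvertUTF API does), so the exact length is available: `return new StringVal(targetstart - reinterpret_cast<UTF8*>(&resultstring[0]), resultstring.data());`. That needs a (length, data) StringVal constructor, which I cannot confirm from this hunk; if it exists, the comment can go.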