From fbf379b75758d4552f14b21c82b6a674575f042d Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Tue, 27 Sep 2022 14:02:52 +0200
Subject: [PATCH] packet_analysis: Protect from nullptr sessions

Passing nullptr sessions to AnalyzerConfirmation and AnalyzerViolation
of protocol analyzers previously blew up - protect from that.

Related to zeek/spicy-plugin#133.
---
 src/packet_analysis/Analyzer.cc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/packet_analysis/Analyzer.cc b/src/packet_analysis/Analyzer.cc
index 91653c788c..0161b26ca5 100644
--- a/src/packet_analysis/Analyzer.cc
+++ b/src/packet_analysis/Analyzer.cc
@@ -186,6 +186,9 @@ void Analyzer::AnalyzerConfirmation(session::Session* session, zeek::Tag arg_tag
 	{
 	const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();
 
+	if ( ! session )
+		return;
+
 	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::CONFIRMED )
 		return;
 
@@ -242,6 +245,9 @@ void Analyzer::AnalyzerViolation(const char* reason, session::Session* session,
 	{
 	const auto& effective_tag = arg_tag ? arg_tag : GetAnalyzerTag();
 
+	if ( ! session )
+		return;
+
 	if ( session->AnalyzerState(effective_tag) == session::AnalyzerConfirmationState::VIOLATED )
 		return;