1) There are a couple more places where the new protocol uses an OK
packet instead of the deprecated EOF.
2) With > 255 results, we could end up in a situation where the uint8
sequence number would wrap, and we'd naively think it'd be a new
handshake.
Now, we track the previous sequence number, and assume overflow if it
was 255 previously and 0 now.
We also reset the previous sequence number to 0 in various packets
that we'd expect at the end of other commands.
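
The wrap check described in the message above, as an added sketch that is not part of the commit and not Zeek's analyzer code. `SeqTracker`, `Observe`, `EndOfCommand` and `CountNewExchanges` are hypothetical names, and the sketch assumes that a sequence number of 0 otherwise marks the start of a new exchange.

```cpp
#include <cstdint>

// Hypothetical names throughout; illustration only, not the project's code.
enum class SeqKind { NewExchange, Continuation };

class SeqTracker {
public:
    // Classify a packet by its one-byte sequence number.
    SeqKind Observe(uint8_t seq) {
        // A 0 directly after 255 is the uint8 counter wrapping inside a long
        // result set, not the start of a new handshake.
        bool wrapped = (seq == 0 && prev_ == 255);
        SeqKind kind = (seq == 0 && !wrapped) ? SeqKind::NewExchange
                                              : SeqKind::Continuation;
        prev_ = seq;
        return kind;
    }

    // Call on a packet that is expected at the end of a command, so that an
    // exchange which happened to end on 255 cannot make the next exchange's
    // 0 look like a wrap.
    void EndOfCommand() { prev_ = 0; }

private:
    uint8_t prev_ = 0;
};

// Feed n consecutive packets of one exchange, starting at sequence number 0,
// and count how many were classified as the start of a new exchange.
int CountNewExchanges(SeqTracker& t, int n) {
    int starts = 0;
    uint8_t seq = 0;
    for (int i = 0; i < n; ++i, ++seq)  // uint8_t wraps from 255 to 0
        if (t.Observe(seq) == SeqKind::NewExchange)
            ++starts;
    return starts;
}
```

Without the reset, an exchange of exactly 256 packets leaves the tracker at 255 and the next exchange's first packet is misread as a continuation.
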
This approach mostly relies on script-level changes. In scriptland, we track
which certificates should be cached - and also perform the caching and the
replaying of events there.
This actually is probably nearly functional - the problem is the fact that now
the event ordering is wrong - and file_state_remove is called before the x509
events are thrown.
The fix probably is to move to a callback from the core - which can execute
things in the right order again. (Or just write the whole event-raising inside
the core - but that is both less flexible and a lot more cumbersome).
Instead of returning a pseudo-boolean integer, it now returns a
referenced object or nullptr on error. The old API was very error
prone because of its obscure reference counting semantics.
Passing the `id_list` pointer to `BroFunc` transfers ownership of the
contained `ID` instances, because `~BroFunc()` unreferences them.
Therefore, we need to increase the reference counters for each
`BroFunc` instance to fix the use-after-free bug.
Closes https://github.com/zeek/zeek/issues/845
The code comment said "ref'd by lookupwithdefault", but the `fields`
variable was not referenced; only `fields_val` was, and its reference
was released earlier.
Same for `idx` and `val` in method CreateTableStream().
Fixes a regression from commit d81bfed45d
This also now installs the full rapidjson include/ tree in order to
allow external plugins to properly build if they include
threading/formatters/JSON.h
From the docs: "As of MySQL 5.7.5, OK packets are also used to indicate
EOF, and EOF packets are deprecated."
The client sets a capability flag (CLIENT_DEPRECATE_EOF) to indicate
that it expects an OK instead of an EOF after the resultset rows.