Particularly for ICMP connections, a new timer got added every time a
`connection` record was updated even if there was still a pending timer
for that connection.
So as to prefer sigaction() over either sigset() or signal(), which are
less favorable due to underspecification issues and some treating them
as obsolete/deprecated.
Merge adjustments:
- Rewrote the check for error response as a switch statement to
fix compiler warning about signed/unsigned comparison and also
to just simplify/clarify the logic.
- Changed the btest to use `zeek -b`.
* origin/topic/vlad/gh-1286:
Add tests for new SMB3 multichannel support
Fix SMB2 response status parsing. Fixes #1286
* The parsing of IPv6 addresses tried to fill a stack-buffer with as
much data as supplied in the Option even if it was in excess of the
desired prefix or maximum IPv6 address size. This could result in an
overflow of that stack-buffer.
* The parsing of IPv4 addresses would overwrite the storage used for
that address as many times as there were bytes in the Option in excess
of the desired prefix length or maximum IPv4 address size. This could
cause the resulting IPv4 address to be derived from the incorrect
data.
* Upon encountering unexpected/excessive option-length or source-prefix
parameters, the data pointer used for parsing was also not always
advanced to the start of the next alleged option's data. Assuming all
other parsing code correctly guards against invalid input, there's no
further harm from that other than the subsequent parsing being more
likely to encounter unexpected values and emitting more Weirds.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336
(Link to details becomes public 30 days after patch release)
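The three fixes above (bounded copy, single write, always advancing the data pointer), sketched as an added example that is not Zeek's own code. The option layout, the `subnet_opt` struct and the `parse_subnet_opt` function are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for this example (not taken from the Zeek source):
 * code(2) | length(2) | family(2) | source_prefix(1) | scope(1) | address bytes */
enum { FAM_V4 = 1, FAM_V6 = 2, OPT_HDR = 4, FIXED = 4 };

typedef struct {
    uint16_t family;
    uint8_t prefix;    /* source prefix length in bits */
    uint8_t addr[16];  /* zero-padded address */
    int weird;         /* set when lengths are unexpected or excessive */
} subnet_opt;

/* Returns 0 and moves *pp to the next option, or -1 if the buffer is truncated. */
int parse_subnet_opt(const uint8_t **pp, const uint8_t *end, subnet_opt *out)
{
    const uint8_t *p = *pp;
    memset(out, 0, sizeof *out);
    if ((size_t)(end - p) < OPT_HDR) return -1;
    size_t opt_len = ((size_t)p[2] << 8) | p[3];
    const uint8_t *data = p + OPT_HDR;
    if ((size_t)(end - data) < opt_len) return -1;
    *pp = data + opt_len;  /* always advance past the whole declared option */
    if (opt_len < FIXED) { out->weird = 1; return 0; }
    out->family = (uint16_t)((data[0] << 8) | data[1]);
    out->prefix = data[2];
    size_t addr_size = out->family == FAM_V4 ? 4 : out->family == FAM_V6 ? 16 : 0;
    size_t supplied = opt_len - FIXED;
    size_t wanted = (out->prefix + 7u) / 8u;  /* bytes needed for the prefix */
    if (addr_size == 0 || wanted > addr_size || supplied > wanted) out->weird = 1;
    /* Copy once, bounded by the supplied data, the prefix and the address size. */
    size_t n = supplied < wanted ? supplied : wanted;
    if (n > addr_size) n = addr_size;
    memcpy(out->addr, data + FIXED, n);
    return 0;
}

int main(void)
{
    /* Constructed sample: IPv6, /64 prefix, but 24 address bytes supplied. */
    uint8_t buf[32] = { 0, 8, 0, 28, 0, 2, 64, 0 };
    const uint8_t *p = buf;
    subnet_opt o;
    int rc = parse_subnet_opt(&p, buf + sizeof buf, &o);
    printf("rc=%d weird=%d consumed=%d\n", rc, o.weird, (int)(p - buf));
    return 0;
}
```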
Using two separate Broker subscribers for status events and regular
messages introduces a race on the two objects. Even if Broker sends all
messages in a particular (deterministic) order, Zeek may still process
them in a different order as a result. Since several tests rely on a
strict ordering of Broker events, these tests could fail sporadically.
Using only a single subscriber for all Broker messages makes sure that
Zeek observes all messages in the same order as Broker emits them.
* origin/topic/christian/gh-1307-baseline-refresh:
Additional use of btest-diff --binary
Update btest-diff calls on binary files to using "--binary"
Switch to btest-diff with --binary support
Update external baseline commit hashes
Fix binary baseline & line-end problem
Fix diff-remove-abspath on OSX
Bump submodules for btest 0.64 update
Canonifier improvements for the scripts.base.frameworks.logging.ascii-double test
Baseline refresh to reflect btest 0.64
Make diff-remove-abspath canonifier match on non-whitespace paths only
Harden diff-remove-timestamps canonifier
By default all baselines are run through diff-remove-timestamp. On a BSD
sed implementation, this means that a newline is added to the end of the
file, if no newline was there originally. This behavior differs from GNU
sed, which does not add a newline.
In this commit we unify this behavior by always adding a newline, even
when using GNU sed. This commit also disables the canonifier for a bunch
of binary baselines, so we do not have to change them.
This avoids swallowing multiple separate paths separated by unrelated
content into one substitution, like here:
orig_p=59856<...>/tcp] -> orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
This pattern got misled by matching suffixes of other numbers, and
normalizing exact 0-timestamps isn't really required.
- Remove explicit "0.000000" number pattern from timestamp normalization
- Require beginning of line or non-numeric character before the
beginning of the number replacement
- Minor whitespace/grammar/doc tweaks during merge
* 'add-X-to-double' of https://github.com/ynadji/zeek:
Add `count_to_double` and `int_to_double` bif functions
Also now uses CMake's ENABLE_EXPORTS target property for the zeek
executable to ensure symbols are visible to plugins. Prior to CMake
3.4, the policy was to export symbols by default for certain platforms,
but later versions need either the explicit target property or policy.