Memory allocated to the decrypted ticket data as well as the server
principal were not freed.
Also fixed potential leaks in error cases that called
krb5_get_error_message() without freeing the returned value.
ODesc allocated with malloc() and BroString deallocated with delete[],
but really the intermediate BroString wasn't even needed when copying
into std::string.
Various OCSP parsing functions used in presence of OpenSSL 1.1 used
"d2i_ASN1_SEQUENCE_ANY" which returns a "STACK_OF(ASN1_TYPE)", but used
"sk_ASN1_TYPE_free" instead of "sk_ASN1_TYPE_pop_free" to free it. The
former only frees the stack structure while the later frees both the
structure and the elements.
Adjustments during merge:
- kept the UNKNOWN Log::ID as placeholder value
- changed the coverage.find-bro-logs test to check for arbitrary $path
field values instead of just string literals
- don't force EnumVal to unsigned integer since the relevant union member
is the signed integer and added the relevant enum values/types to
.bif files for easier access
- compare FILE* versus file name to check for stdout equality (don't
think it matters much, just a bit more efficient)
- minor whitespace/style tweaks
* origin/topic/dev/print-to-log:
Added a non boolean configuration and other changes as suggested by Jon
Allow Print Statements to be redirected to a Log# This is a combination of 3 commits.
* origin/topic/jsiwek/openbsd:
Adjust btests for OpenBSD portability
Convert pcapng test suite files to pcap format
Fix undefined symbols loading libbroker on OpenBSD
Fix compile warnings on OpenBSD
- Minor whitespace tweaks
- Add line to build summary output for whether unit tests are enabled
* origin/topic/neverlord/doctest:
Add doctest license and copyright
Integrate review feedback
Fix submodule reference for doctest
Add initial scaffold for unit testing via doctest
- Minor whitespace adjustment in merge
* 'improve-container-record-fields-bif' of https://github.com/henridf/zeek:
Recursively handle into container types in record_fields()
tabify
Apply suggestions from code review
Print full container types in record_fields()
And switch Zeek's base scripts over to using it in place of
"connection_state_remove". The difference between the two is
that "connection_state_remove" is raised for all events while
"successful_connection_remove" excludes TCP connections that were never
established (just SYN packets). There can be performance benefits
to this change for some use-cases.
There's also a new event called ``connection_successful`` and a new
``connection`` record field named "successful" to help indicate this new
property of connections.
Some Zeek script statement descriptions were exceeding the hardcoded
maximum length and also could contain tab characters which were
supposed to be reserved for use as a delimiter in the file format.
- Stem environment wasn't inherited if it needs to be exec()'d
- Fix node creation message format when reviving Stem via exec()
- Cluster node type for workers was set wrong
* origin/topic/neverlord/intrusive-ptr:
Add API documentation to IntrusivePtr
Rename make{ Counted => _intrusive }
Remove braces around single return statements
Integrate review feedback
Add and use new IntrusivePt type in Zeek
