[Bro-Dev] [JIRA] (BIT-1298) IP_Hdr pointer do not propagate from udp to child analyzers via DeliverPacket method causing a segfault

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Fri Dec 12 10:37:00 PST 2014 

    [ https://bro-tracker.atlassian.net/browse/BIT-1298?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19213#comment-19213 ] 

Robin Sommer commented on BIT-1298:
-----------------------------------

- I think the original reason for not buffering the header was a performance concern: this code can execute a lot. However, measuring execution time on the test suite with this branch, I don't see a noticeable increase, so that looks fine.

- the copy ctor for the IP header worries me a bit: the constraint that it must not be truncated seems easy to miss. One way around that would be having the header store the capture length of the packet as well, so that it knows how much data is valid. On the other hand, not sure that effort/memory is justified. Alternatively, I would be more comfortable if the copy operation were a method one has to call explicitly, rather a copy constructor that's easy to have run implicitly. What do you think?

-  Nit: You lost me on the swap() operation: why's the copy constructor doing a swap on the fields rather than just an assignment?




> IP_Hdr pointer do not propagate from udp to child analyzers via DeliverPacket method causing a segfault
> -------------------------------------------------------------------------------------------------------
>
>                 Key: BIT-1298
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1298
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3
>         Environment: Debian
>            Reporter: Eric Asselin
>            Assignee: Robin Sommer
>            Priority: High
>              Labels: analyzer
>         Attachments: core.zip, ntp-synchronized.pcap
>
>
> From a child analyzer like NTP, the IP_Hdr pointer in the DeliverPacket method is empty and unusable causing a segmentation fault as soon as you try to access it.
> To recreate the bug, just add an "assert(ip)" inside the DeliverPacket method of a UDP child analyzer and the execution will fail (instead of the segmentation fault).



--
This message was sent by Atlassian JIRA
(v6.4-OD-11-014#64007)

More information about the bro-dev mailing list