[Bro] ssl binpac analyzer -- patches

jmzhou.ml at gmail.com jmzhou.ml at gmail.com
Tue May 29 11:56:30 PDT 2007

Some comments about the patch set

Patch 4: I can confirm that this is a bug. I had the same problem and
same fix at my side.

Patch 5: I think the new call (DoGenParseCode) in pac_type.cc should be
replaced by GenParseCode3. Imagine that a record field (identifier f1) 
is empty type and there are other fields (identifier f2, f3, ...) after
field f1. If you call DoGenParseCode, the identifier f1 will not be
evaluated like in GenParseCode3 (pac_type.cc:754-755). This will result
in re-entrance of RecordDataField::GenParseCode (pac_record.cc:420) because
when f2->prev()-GenParseCode (pac_record.cc:428) is called, env->Evaluated(
id()) will return false. This is an infinite loop - till at some point of
binpac there will be an assertion failure.

Patch 6: I think there is another issue here: if some buffering request
has been sent to the flow buffer, and the flow buffer is not ready with
partial data, we will end up with entering the loop - a waste of CPU

More information about the Bro mailing list