[Bro-Dev] [Bro-Commits] [git/bro] topic/seth/syslog-analyzer-updates: Handling binpac parsing failures in syslog analyzer. (5e95092)
Gregor Maier
gregor at icir.org
Tue Sep 13 13:38:35 PDT 2011
> - interp->NewData(orig, data, data + len);
> + try
> + {
> + interp->NewData(orig, data, data + len);
> + }
> + catch ( const binpac::Exception& e )
> + {
> + ProtocolViolation(fmt("Syslog analyzer BinPAC exception: %s", e.c_msg()));
> + }
> }
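Review bot: in the catch block, e.c_msg() is formatted straight into the ProtocolViolation() reason, so the text and length of every violation are decided by whatever the parser put into the exception for the data that was passed to NewData(). A fixed reason such as "Syslog analyzer BinPAC exception" keeps the violation stable and easy to aggregate; the exception detail can go to a debug-only path if it is needed. The catch also swallows the exception without any visible step that marks the connection as failed, so a short comment saying whether interp is expected to keep receiving data after a parse failure would help the next reader.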
You might want to omit adding the e.c_msg() to the ProtocolViolation().
Especially for the syslog analyzer that is often a dump of the packet
contents that caused the parse error and it's generally not really
useful (*).
(If you want to keep it for debugging, I would do an ifdef and print
through a weird or such)
(*) That's how I found the format string bug in Reporter.cc
cu
Gregor
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/