[Bro-Dev] #822: Segmentation fault ICMP Analyzer

Bro Tracker bro at tracker.bro-ids.org
Tue May 29 15:30:21 PDT 2012

#822: Segmentation fault ICMP Analyzer
  Reporter:  Tyler.Schoenke  |      Owner:
      Type:  Problem         |     Status:  new
  Priority:  Normal          |  Milestone:  Bro2.1
 Component:  Bro             |    Version:  git/master
Resolution:                  |   Keywords:

Comment (by jsiwek):

 In [0aecca979e830d0ee8f6524c4dee3fe83cfc3c4c/bro]:
 Remove unnecessary assert in ICMP analyzer (addresses #822).

 The ICMP/ICMPv6 analyzers function correctly when full packets have
 not been captured, but everything up to and including the ICMP header
 is there (e.g. the functions that inspect ICMP error message context
 correctly check the caplen to see if more info can be extracted).

 The "Should have been caught earlier already." comment may have referred
 to NetSessions::CheckHeaderTrunc, which works as intended to catch cases
 where the ICMP header is not there in full, but then the assert was
 still not correctly formulated for that...

 Also changed the ICMP checksum calculation to not occur when the full
 packet has not been captured, which seems consistent with what the UDP
 analysis does.

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/822#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
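
The behaviour the commit message above describes, as an added example that is not Bro's own code: reject a truncated ICMP header without asserting, and skip checksum verification when the capture is shorter than the message. The names `check_icmp` and `IcmpCheck` and the sample packet are hypothetical and constructed here; the sketch covers ICMPv4 only, since ICMPv6 checksums also cover a pseudo-header.

```cpp
#include <cstddef>
#include <cstdint>

enum class IcmpCheck { HeaderTruncated, ChecksumSkipped, ChecksumOk, ChecksumBad };

// Fixed ICMP header: type, code, checksum, 4 bytes rest-of-header.
static const size_t ICMP_HDR_LEN = 8;

// Constructed ICMPv4 echo request (id 1, seq 1, payload "abcd"), checksum 0x3337.
static const uint8_t kEchoReq[12] = {0x08, 0x00, 0x33, 0x37, 0x00, 0x01,
                                     0x00, 0x01, 'a',  'b',  'c',  'd'};

// RFC 1071 Internet checksum over n bytes; a valid ICMPv4 message yields 0.
static uint16_t inet_checksum(const uint8_t* p, size_t n) {
    uint32_t sum = 0;
    for (; n > 1; p += 2, n -= 2)
        sum += (uint32_t(p[0]) << 8) | p[1];
    if (n)  // odd trailing byte is padded with zero
        sum += uint32_t(p[0]) << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return uint16_t(~sum);
}

// len: ICMP message length according to the IP header.
// caplen: bytes of that message actually present in the capture buffer.
IcmpCheck check_icmp(const uint8_t* data, size_t len, size_t caplen) {
    // Header not fully present: report it as a result instead of asserting.
    if (len < ICMP_HDR_LEN || caplen < ICMP_HDR_LEN)
        return IcmpCheck::HeaderTruncated;
    // Payload cut off by the snap length: the checksum cannot be verified,
    // but the header fields are still usable for analysis.
    if (caplen < len)
        return IcmpCheck::ChecksumSkipped;
    return inet_checksum(data, len) == 0 ? IcmpCheck::ChecksumOk
                                         : IcmpCheck::ChecksumBad;
}

int main() {
    // Full capture verifies; a header-only capture skips the checksum.
    bool ok = check_icmp(kEchoReq, 12, 12) == IcmpCheck::ChecksumOk &&
              check_icmp(kEchoReq, 12, 8) == IcmpCheck::ChecksumSkipped;
    return ok ? 0 : 1;
}
```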