[Bro-Dev] #822: Segmentation fault ICMP Analizer
Bro Tracker
bro at tracker.bro-ids.org
Tue May 29 15:30:21 PDT 2012
#822: Segmentation fault ICMP Analizer
-----------------------------+------------------------
Reporter: Tyler.Schoenke | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro2.1
Component: Bro | Version: git/master
Resolution: | Keywords:
-----------------------------+------------------------
Comment (by jsiwek):
In [0aecca979e830d0ee8f6524c4dee3fe83cfc3c4c/bro]:
{{{
#!CommitTicketReference repository="bro"
revision="0aecca979e830d0ee8f6524c4dee3fe83cfc3c4c"
Remove unnecessary assert in ICMP analyzer (addresses #822).
The ICMP/ICMPv6 analyzers function correctly when full packets have
not been captured, but everything up to and including the ICMP header
is there (e.g. the functions that inspect ICMP error message context
correctly check the caplen to see if more info can be extracted).
The "Should have been caught earlier already." comment may have referred
to NetSessions::CheckHeaderTrunc, which works as intended to catch cases
where the ICMP header is not there in full, but then the assert was
still not correctly formulated for that...
Also changed the ICMP checksum calculation to not occur when the full
packet has not been captured, which seems consistent with what the UDP
analysis does.
}}}
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/822#comment:4>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list