[Bro-Dev] [JIRA] (BIT-1500) BinPAC Call to FlowBuffer::NewFrame with frame_length -1

Mark Fernandez (JIRA) jira at bro-tracker.atlassian.net
Mon Nov 2 11:38:00 PST 2015


Mark Fernandez created BIT-1500:
-----------------------------------

             Summary: BinPAC Call to FlowBuffer::NewFrame with frame_length -1
                 Key: BIT-1500
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1500
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: BinPAC
    Affects Versions: 2.4
            Reporter: Mark Fernandez
         Attachments: test.pac

I am creating a protocol analyzer using BinPAC. I created a type record for chunked data, very similar to HTTP chunked data.  The auto-generated C++ code does not parse the chunked data correctly.  I tracked it down to the ParseBuffer code where there is a combination of calls to FlowBuffer::NewFrame and soon thereafter a condition check against FlowBuffer::ready().  The call to NewFrame passes '-1' as the frame_length value. NewFrame calls FlowBuffer::MarkOrCopyFrame, and because the frame_length is set to -1, MarkOrCopyFrame sets message_complete_ to false.  Therefore, when FlowBuffer::ready() is called, it returns message_complete_, which is false, and then ParseBuffer exits via 'goto need_more_data' without ever parsing the chunked data.  This is very frustrating.  Please review and let me know what you think.



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-005#70107)



More information about the bro-dev mailing list