[Bro-Dev] [JIRA] (BIT-278) Fix port handling in Broccoli
Johanna Amann (JIRA)
jira at bro-tracker.atlassian.net
Mon Oct 19 13:21:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-278?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Johanna Amann updated BIT-278:
------------------------------
Resolution: Won't Fix
Status: Closed (was: Open)
Closing since we are deprecating Broccoli.
> Fix port handling in Broccoli
> -----------------------------
>
> Key: BIT-278
> URL: https://bro-tracker.atlassian.net/browse/BIT-278
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Broccoli
> Affects Versions: 1.5.1
> Reporter: Seth Hall
> Assignee: kreibich
>
> BRO_TYPE_PORT values in Broccoli currently only allow tcp,udp, and icmp. If you attempt to set a protocol value to anything that doesn't map to one of those protocols (e.g. 255), it will cause Broccoli to segfault when you do the following:
> {noformat}
> BroPort dst_p;
> dst_p.port_num = 0;
> dst_p.port_proto = 255;
> bro_record_add_val(packet_id, "dst_p", BRO_TYPE_PORT, NULL, &dst_p);
> {noformat}
> The offending code in bro_val.c seems to be:
> {noformat}
> if (tmp->port_proto != IPPROTO_TCP &&
> tmp->port_proto != IPPROTO_UDP &&
> tmp->port_proto != IPPROTO_ICMP)
> {
> __bro_sobject_release((BroSObject *) data);
> D_RETURN_(FALSE);
> }
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-002#70107)
More information about the bro-dev
mailing list