[Bro] pybroker with 'optional' fields
Siwek, Jon
jsiwek at illinois.edu
Wed May 20 11:14:58 PDT 2015
> On May 19, 2015, at 12:54 PM, Jeff Barber <jbarber at computer.org> wrote:
>
> rec = p.as_record()
> fields = rec.fields()
> ip, ip6, tcp, udp, icmp = [f.get() if f.valid() else None for f in fields]
> if ip is not None:
> fields = ip.as_record().fields()
> fields = [f for f in fields]
The problem here was ip.as_record() returns a new object, but then .fields() on it returns a reference to something owned by that object whose reference count is going to drop to zero immediately after the line. So it ends up accessing invalid memory of the object which went out of scope. If you want to workaround the bug, assign the record to a temporary variable for as long as you need to access fields coming from it. E.g.:
rec = ip.as_record() # assign to rec in order to keep a reference alive
fields = rec.fields()
# operate on fields…
Or if you want to patch/update the broker source code, the real fix is here:
https://github.com/bro/broker/commit/8fc6938017dc15acfb26fa29e6ad0933019781c5
That’s also in the master branch of the bro and broker repositories, but should eventually make it into the final 2.4 Bro release and a 0.3.1 release of Broker as well.
- Jon
More information about the Bro
mailing list