[Bro] pybroker with 'optional' fields

Jeff Barber jbarber at computer.org
Wed May 20 13:55:54 PDT 2015


Awesome. Thanks Jon!

On Wed, May 20, 2015 at 2:14 PM, Siwek, Jon <jsiwek at illinois.edu> wrote:
>
>> On May 19, 2015, at 12:54 PM, Jeff Barber <jbarber at computer.org> wrote:
>>
>> rec = p.as_record()
>> fields = rec.fields()
>> ip, ip6, tcp, udp, icmp = [f.get() if f.valid() else None for f in fields]
>> if ip is not None:
>>     fields = ip.as_record().fields()
>>     fields = [f for f in fields]
>
> The problem here was ip.as_record() returns a new object, but then .fields() on it returns a reference to something owned by that object whose reference count is going to drop to zero immediately after the line.  So it ends up accessing invalid memory of the object which went out of scope.  If you want to workaround the bug, assign the record to a temporary variable for as long as you need to access fields coming from it.  E.g.:
>
>         rec = ip.as_record() # assign to rec in order to keep a reference alive
>         fields = rec.fields()
>         # operate on fields…
>
> Or if you want to patch/update the broker source code, the real fix is here:
>
> https://github.com/bro/broker/commit/8fc6938017dc15acfb26fa29e6ad0933019781c5
>
> That’s also in the master branch of the bro and broker repositories, but should eventually make it into the final 2.4 Bro release and a 0.3.1 release of Broker as well.
>
> - Jon



More information about the Bro mailing list