#326: HTTP Analyzer overflow on content-lengths > 2GB
----------------------+------------------------
Reporter: gregor | Owner:
Type: Patch | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: inttypes |
----------------------+------------------------
{{{
#!rst
The HTTP analyzer uses 32 bit signed ints to parse the content-length
header, track body length etc. This causes overflow and for content
lengths > 2GB. This effects the reported body length as well as parsing of
pipelined or persistent connection.
The overflow might also cause crashes.
Changes in this patch:
* Change the affected integers in to 64 bit wide
* Overload min/max inline functions in util.h to work with different
widths and signedness.
* Explicitly cast parameters to min/max where in cases were the
compiler complained.
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/326>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#325: Remove ACTIVE_MAPPING code
------------------------+---------------------
Reporter: robin | Type: Problem
Status: new | Priority: Normal
Milestone: Bro1.6 | Component: Bro
Version: git/master |
------------------------+---------------------
The configure option is already gone, let's not forget to remove the
code as well.
--
Ticket URL: <http://tracker.icir.org/bro/ticket/325>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#319: Changes Xprintf() formats to use PRIxyz, e.g., PRIu64, PRIx32
----------------------+--------------------
Reporter: gregor | Owner:
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Keywords: inttypes |
----------------------+--------------------
{{{
#!rst
Change all *X*\ printf(), fmt(), etc. format strings to use ``PRIxyz``
macros to specify how to print fixed-width integer types like uint64_t.
These are defined in ``stdint.h``
C.f.
http://www.opengroup.org/onlinepubs/000095399/basedefs/inttypes.h.html
They are a C99 and POSIX standard and using them should get rid of a lot
of warnings related to format specifiers.
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/319>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#318: Use inttypes.h instead of home-made ifdefs
----------------------+------------------------
Reporter: gregor | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: inttypes |
----------------------+------------------------
* Use inttypes.h for fixed width integer types instead of using
self-made #ifdefs. (E.g., uint64_t, int32_t). Cf. util.[ch]
* Replace old ``uint32`` et al. with standard ``uint32_t`` et al.
inttypes.h is a C99 and POSIX standard.
Check for possible roadblock when doing so
--
Ticket URL: <http://tracker.icir.org/bro/ticket/318>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#315: TCP Reassemblier type inconsistency
----------------------+------------------------
Reporter: gregor | Owner:
Type: Problem | Status: new
Priority: Low | Milestone:
Component: Bro | Version: git/master
Keywords: inttypes |
----------------------+------------------------
{{{
#!rst
The TCP Reassembler (and the general Reassembler which is the base class)
have a type inconsitency:
internally they define the sequence numbers as ``int``. When they have to
compare seq numbers, they call ``seq_delta()`` which takes two ``uint32``.
The reassemblers should also use ``uint32_t`` internally.
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/315>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#317: Analyzer::Undelivered should use relative sequence numbers (and go to
64bit)
----------------------+------------------------
Reporter: gregor | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: inttypes |
----------------------+------------------------
{{{
#!rst
``Analyzer::Undelivered(int seq, int len)`` is called with absolute TCP
sequence from the TCP reassambler. However, since the analyzer framework
should work on abstract byte streams, it should return *realtive* sequence
numbers.
In addition, it should use 64 bit integers!
Note, that Undelivered is not really used. The HTTP.cc analyzer uses it,
but ``seq`` is to generate a mime_content_gap event. It does seem that
HTTP.cc assumes the seq number is relative....
}}}
--
Ticket URL: <http://tracker.icir.org/bro/ticket/317>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
#321: Load http.bro script from http-header
---------------------+------------------------
Reporter: gregor | Owner:
Type: Problem | Status: new
Priority: Low | Milestone: Bro1.6
Component: Bro | Version: git/master
Keywords: |
---------------------+------------------------
http-header.bro should load http.bro, as it uses functions defined there.
(If other http-* scripts are loaded before http.bro, they'll pull in
http.bro and thus works)
--
Ticket URL: <http://tracker.icir.org/bro/ticket/321>
Bro Tracker <http://tracker.icir.org/bro>
Bro Issue Tracker
I've updated all the masters and devels to
- integrate a round of cleanup removing files no longer necessary.
- the latest changes from SVN.
I've also adapted the test-suite (in bro-private) to work with the
new setup, and it passes fine with all the changes (well, to be
precise, it reports the same differences as svn trunk; seems it's
not completely up to date).
We should now see if master is working for everybody. If so, we'll
have a stable base to work from.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
I've added a page on how we might use Sphinx to auto-generate Bro
script documentation to the projects list, see
http://bro.icir.org/devel/projects/autodoc.html
This includes a mock-up of how Sphinx input and output could look
like.
What do you guys think?
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin(a)icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org