diff options
| author | John Thacker <johnthacker@gmail.com> | 2024-02-06 07:17:10 -0500 |
|---|---|---|
| committer | John Thacker <johnthacker@gmail.com> | 2024-02-06 15:32:57 +0000 |
| commit | e972a755d2d0f25f6b51d4ac3932ebe652cba4f0 (patch) | |
| tree | cdb2cd55e779f7e1944e766858d7f62cf11b4c05 /test/suite_dfilter | |
| parent | 795dc54aae73c5247fc1ee4b5eeaf498c2af6ae4 (diff) | |
dfilter: Handle null arguments to min, max
min and max need to handle null arguments where the GPtrArray
is null, generated when there have been other opcodes between
the field loading and the function. (They are ignored, not
treated as zero, so they don't change the minimum.)
Prevents crashes with filters where a field does not exist in the tree:
min(tcp.srcport * 10, tcp.dstport * 10) == 800
min(len(tcp.payload), len(udp.payload)) == 153
min(len(tcp.payload[2:]) + 2, len(udp.payload[2:]) + 2) == 153
where a register is loaded where it has not had its GPtrArray created:
./run/dftest 'min(len(tcp.payload), len(udp.payload))'
Filter:
min(len(tcp.payload), len(udp.payload))
Instructions:
0000 READ_TREE tcp.payload -> R1
0001 IF_FALSE_GOTO 3
0002 LENGTH R1 -> R2
0003 STACK_PUSH R2
0004 READ_TREE udp.payload -> R3
0005 IF_FALSE_GOTO 7
0006 LENGTH R3 -> R4
0007 STACK_PUSH R4
0008 CALL_FUNCTION min(R2, R4) -> R0
0009 STACK_POP [2]
0010 IF_FALSE_GOTO 12
0011 NOT_ALL_ZERO R0
0012 RETURN
Related to fcb6bb576388e8a8ef4b657d794a80f008a99ff7
(Prior to that commit, this worked because a NULL pointer is a
valid, empty GSList.)
Diffstat (limited to 'test/suite_dfilter')
| -rw-r--r-- | test/suite_dfilter/group_function.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/test/suite_dfilter/group_function.py b/test/suite_dfilter/group_function.py index aad95e604d..9eda540194 100644 --- a/test/suite_dfilter/group_function.py +++ b/test/suite_dfilter/group_function.py @@ -107,3 +107,17 @@ class TestFunctionNested: def test_function_nested_1(self, checkDFilterCount): dfilter = 'abs(min(tcp.srcport, tcp.dstport)) == 80' checkDFilterCount(dfilter, 1) + + def test_function_nested_2(self, checkDFilterCount): + dfilter = 'min(tcp.srcport * 10, tcp.dstport * 10, udp.srcport * 10, udp.dstport * 10) == 800' + checkDFilterCount(dfilter, 1) + + def test_function_nested_3(self, checkDFilterCount): + dfilter = 'min(len(tcp.payload), len(udp.payload)) == 153' + checkDFilterCount(dfilter, 1) + + def test_function_nested_4(self, checkDFilterCount): + # udp.payload does not exist. Check that len(udp.payload) + 2 + # resolves to NULL, not to 2. + dfilter = 'min(len(tcp.payload[2:]) + 2, len(udp.payload[2:]) + 2) == 153' + checkDFilterCount(dfilter, 1) |