Permalink
Browse files

Fix IRC names command parsing

  • Loading branch information...
jsiwek committed Sep 13, 2018
1 parent 5ce7fe6 commit c2b18849f8bb833253538f5dfedb4ed1dc176a30
@@ -252,14 +252,15 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig)
{
vector<string> parts = SplitWords(params, ' ');
// Remove nick name.
parts.erase(parts.begin());
if ( parts.size() < 2 )
if ( parts.size() < 3 )
{
Weird("irc_invalid_names_line");
return;
}
// Remove nick name.
parts.erase(parts.begin());
string type = parts[0];
string channel = parts[1];
@@ -0,0 +1,10 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path weird
#open 2018-09-13-00-31-10
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer
#types time string addr port addr port string string bool string
1536797872.428637 ClEkJM2Vm5giqnMf4h 127.0.0.1 65389 127.0.0.1 6666 irc_invalid_names_line - F bro
#close 2018-09-13-00-31-10
Binary file not shown.
@@ -0,0 +1,7 @@
# @TEST-EXEC: bro -C -r $TRACES/irc-353.pcap %INPUT
# @TEST-EXEC: btest-diff weird.log
event irc_names_info(c: connection, is_orig: bool, c_type: string, channel: string, users: string_set)
{
print channel, users;
}

2 comments on commit c2b1884

@mxmssh

This comment has been minimized.

Show comment
Hide comment
@mxmssh

mxmssh Sep 13, 2018

Thank you for the fast response!

mxmssh replied Sep 13, 2018

Thank you for the fast response!

@fgeek

This comment has been minimized.

Show comment
Hide comment
@fgeek

fgeek Sep 13, 2018

CVE-2018-17019 has been assigned for this issue.

fgeek replied Sep 13, 2018

CVE-2018-17019 has been assigned for this issue.

Please sign in to comment.