if answer->name is empty use non unicode (arkime#2717)
* if answer->name is empty use non unicode

* fix memory leak, improve fuzz2pcapAll
awick authored Mar 25, 2024
1 parent 2239e1e commit 40161ca
Showing 2 changed files with 66 additions and 16 deletions.
6 changes: 5 additions & 1 deletion capture/parsers/dns.c
@@ -283,7 +283,7 @@ LOCAL DNSSVCBRData_t *dns_parser_rr_svcb(const uint8_t *data, int length)
}

if (!namelen) {
svcbData->dname = (char *)".";
svcbData->dname = g_strdup(".");
namelen = 1;
} else {
svcbData->dname = g_hostname_to_unicode(name);
@@ -599,6 +599,8 @@ LOCAL void dns_parser(ArkimeSession_t *session, int kind, const uint8_t *data, i
namelen = 6;
} else {
answer->name = g_hostname_to_unicode(name);
if (!answer->name)
answer->name = g_strndup(name, namelen);
if (arkime_memstr((const char *)name, len, "xn--", 4)) {
ArkimeString_t *hstring;
HASH_FIND(s_, *(dns->punyHosts), name, hstring);
@@ -1243,6 +1245,8 @@ void dns_save(BSB *jbsb, ArkimeFieldObject_t *object, struct arkime_session *ses
break;
case DNS_RR_HTTPS: {
BSB_EXPORT_sprintf(*jbsb, "\"https\":\"HTTPS %u %s ", answer->svcb->priority, answer->svcb->dname);
g_free(answer->svcb->dname);

DNSSVCBRDataFieldValue_t *fieldValue;
while (DLL_COUNT(t_, &(answer->svcb->fieldValues)) > 0) {
DLL_POP_HEAD(t_, &(answer->svcb->fieldValues), fieldValue);
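Review bot: The SVCB branch in the first hunk still stores the result of `g_hostname_to_unicode(name)` in `svcbData->dname` without a NULL check, although the second hunk adds exactly that fallback for `answer->name`; the GLib call returns NULL for a hostname it considers invalid, and `dns_save` then hands the pointer to `%s` in `BSB_EXPORT_sprintf`. The same guard would fit there: `if (!svcbData->dname) svcbData->dname = g_strndup(name, namelen);` (assuming `name` and `namelen` have the same types as in `dns_parser`). The new fallback copies raw name bytes taken from the packet, so it is worth confirming that the JSON export escapes `answer->name` before it is written. In the third hunk, `g_free(answer->svcb->dname);` leaves the pointer dangling; following it with `answer->svcb->dname = NULL;` would keep a later free or a second save of the same object harmless, though whether such a path exists cannot be seen, since all three functions continue outside the hunks.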
76 changes: 61 additions & 15 deletions tests/tests.pl
@@ -51,7 +51,7 @@ sub doGeo {
sub doFuzz2Pcap {
my @files = @ARGV;
foreach my $file (@files) {
print "$file\n";;
print "$file\n";
open my $in, '<', "$file" or die "error opening $file: $!";
open my $out, '>', "$file.pcap" or die "error opening $file.pcap: $!";
binmode($in);
@@ -62,7 +62,7 @@ sub doFuzz2Pcap {

my $len = length($buf);

# Pcap header
# Pcap file header
syswrite($out, pack('H*', "d4c3b2a1020004000000000000000000ffff000001000000"));

my $pos = 0;
@@ -81,6 +81,49 @@ sub doFuzz2Pcap {
}
}
################################################################################
sub doFuzz2PcapAll {
die "<pcapfile> <glob1> [,,<globn>]" if ($#ARGV < 1);

open my $out, '>', $ARGV[0] or die "error opening $ARGV[0]: $!";
binmode($out);

shift @ARGV;

# Pcap file header
syswrite($out, pack('H*', "d4c3b2a1020004000000000000000000ffff000001000000"));

my $num = 0;

foreach my $glob (@ARGV) {
print "$glob\n";
foreach my $file (glob $glob) {
print " $file\n";
open my $in, '<', "$file" or die "error opening $file: $!";
binmode($in);

my $buf;
read($in, $buf, 1000000);

my $len = length($buf);

my $pos = 0;
while ($pos < $len) {
my $ilen = unpack("x${pos}n", $buf);
last if ($pos + $ilen + 2 >= $len);
$pos += 2;
syswrite($out, pack('VH*VV', $num, "00000000", $ilen, $ilen));
syswrite($out, $buf, $ilen, $pos);
$pos += $ilen;
$num++;
}

close($in);
}
}
print "$num files\n";
close($out);
}
################################################################################
sub sortObj {
my ($parentkey,$obj) = @_;
for my $key (keys %{$obj}) {
@@ -459,7 +502,7 @@ sub doViewer {
} elsif ($ARGV[0] eq "--copy") {
$main::copy = "--copy";
shift @ARGV;
} elsif ($ARGV[0] =~ /^--(viewer|fix|make|capture|viewernostart|viewerstart|viewerhang|viewerload|help|reip|fuzz|fuzz2pcap)$/) {
} elsif ($ARGV[0] =~ /^--(viewer|fix|make|capture|viewernostart|viewerstart|viewerhang|viewerload|help|reip|fuzz|fuzz2pcap|fuzz2pcapAll)$/) {
$main::cmd = $ARGV[0];
shift @ARGV;
} elsif ($ARGV[0] =~ /^--/) {
@@ -484,23 +527,26 @@ sub doViewer {
system($cmd);
} elsif ($main::cmd eq "--fuzz2pcap") {
doFuzz2Pcap();
} elsif ($main::cmd eq "--fuzz2pcapAll") {
doFuzz2PcapAll();
} elsif ($main::cmd eq "--help") {
print "$ARGV[0] [OPTIONS] [COMMAND] <pcap> files\n";
print "Options:\n";
print " --elasticsearch <url> Set elasticsearch URL\n";
print " --debug Turn on debuggin\n";
print " --valgrind Use valgrind on capture\n";
print " --elasticsearch <url> Set elasticsearch URL\n";
print " --debug Turn on debuggin\n";
print " --valgrind Use valgrind on capture\n";
print "\n";
print "Commands:\n";
print " --help This help\n";
print " --make Create a .test file for each .pcap file on command line\n";
print " --reip file ip newip Create file.tmp, replace ip with newip\n";
print " --viewer viewer tests\n";
print " This will init local ES, import data, start a viewer, run tests\n";
print " --viewerstart Viewer tests without reloading pcap\n";
print " --fuzz [fuzzoptions] Run fuzzloch\n";
print " --fuzz2pcap Convert a fuzzloch crash file into a pcap file\n";
print " [default] [pcap files] Run each .pcap (default pcap/*.pcap) file thru ../capture/capture and compare to .test file\n";
print " --help This help\n";
print " --make Create a .test file for each .pcap file on command line\n";
print " --reip file ip newip Create file.tmp, replace ip with newip\n";
print " --viewer viewer tests\n";
print " This will init local ES, import data, start a viewer, run tests\n";
print " --viewerstart Viewer tests without reloading pcap\n";
print " --fuzz [fuzzoptions] Run fuzzloch\n";
print " --fuzz2pcap Convert list of fuzzloch crash file into matching pcap file\n";
print " --fuzz2pcapAll <f> <g> Convert list of fuzzloch crash file into all.pcap file\n";
print " [default] [pcap files] Run each .pcap (default pcap/*.pcap) file thru ../capture/capture and compare to .test file\n";
} elsif ($main::cmd =~ "^--viewer") {
doGeo();
setpgrp $$, 0;
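Review bot: In `doFuzz2PcapAll`, `last if ($pos + $ilen + 2 >= $len);` also stops on a record that ends exactly at the end of the buffer, so the final packet of a crash file, which is likely the one needed to reproduce the crash, is left out of the pcap; if that is not intended, `last if ($pos + $ilen + 2 > $len);` keeps it. The return value of `read($in, $buf, 1000000)` is not checked, so a failed read or an input longer than 1000000 bytes is truncated silently; a `die` when it returns undef and a warning when exactly 1000000 bytes come back would make that visible. `$num` is incremented once per packet written, so `print "$num files\n";` would be more accurate as `print "$num packets\n";`. The loop in the existing `doFuzz2Pcap` lies outside the hunks shown, so whether it shares the `>=` comparison cannot be checked from here.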
