From 40161ca9e489684c9bb9f9f5ac0574dd1ffef804 Mon Sep 17 00:00:00 2001 From: Andy Wick Date: Mon, 25 Mar 2024 07:53:44 -0400 Subject: [PATCH] if answer->name is empty use non unicode (#2717) * if answer->name is empty use non unicode * fix memory leak, improve fuzz2pcapAll --- capture/parsers/dns.c | 6 +++- tests/tests.pl | 76 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 66 insertions(+), 16 deletions(-) diff --git a/capture/parsers/dns.c b/capture/parsers/dns.c index 082fd4cb30..b9066e3c7e 100644 --- a/capture/parsers/dns.c +++ b/capture/parsers/dns.c @@ -283,7 +283,7 @@ LOCAL DNSSVCBRData_t *dns_parser_rr_svcb(const uint8_t *data, int length) } if (!namelen) { - svcbData->dname = (char *)"."; + svcbData->dname = g_strdup("."); namelen = 1; } else { svcbData->dname = g_hostname_to_unicode(name); @@ -599,6 +599,8 @@ LOCAL void dns_parser(ArkimeSession_t *session, int kind, const uint8_t *data, i namelen = 6; } else { answer->name = g_hostname_to_unicode(name); + if (!answer->name) + answer->name = g_strndup(name, namelen); if (arkime_memstr((const char *)name, len, "xn--", 4)) { ArkimeString_t *hstring; HASH_FIND(s_, *(dns->punyHosts), name, hstring); @@ -1243,6 +1245,8 @@ void dns_save(BSB *jbsb, ArkimeFieldObject_t *object, struct arkime_session *ses break; case DNS_RR_HTTPS: { BSB_EXPORT_sprintf(*jbsb, "\"https\":\"HTTPS %u %s ", answer->svcb->priority, answer->svcb->dname); + g_free(answer->svcb->dname); + DNSSVCBRDataFieldValue_t *fieldValue; while (DLL_COUNT(t_, &(answer->svcb->fieldValues)) > 0) { DLL_POP_HEAD(t_, &(answer->svcb->fieldValues), fieldValue); diff --git a/tests/tests.pl b/tests/tests.pl index 9dc7c8c19b..11c5c664eb 100755 --- a/tests/tests.pl +++ b/tests/tests.pl 
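Review bot: The else branch kept as context in dns_parser_rr_svcb still assigns `svcbData->dname = g_hostname_to_unicode(name);` with no NULL check, although the second hunk of this patch treats a NULL return from the same call as a real case for answer->name. dns_save later formats dname with `%s`, so a name that fails conversion would reach the formatter as NULL. Adding the same fallback here, `if (!svcbData->dname) svcbData->dname = g_strndup(name, namelen);`, would keep the two paths consistent; the type of name is not visible, so a cast may be needed. The function body starts and ends outside the hunk.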
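Review bot: The fallback `g_strndup(name, namelen)` stores the raw wire bytes of a name that g_hostname_to_unicode() has just rejected, so answer->name can now hold bytes that are not valid UTF-8, or quotes and control characters. Whether that is safe depends on how the field is written out later, which this hunk does not show, so it is worth confirming that every consumer escapes the value instead of assuming a clean hostname. A comment above the fallback, e.g. `/* conversion failed: keep the raw, unvalidated name */`, would record that for the next reader. The neighbouring arkime_memstr() call bounds the same buffer with `len` while the copy uses `namelen`; both are presumably correct, but the difference deserves a check.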
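Review bot: `g_free(answer->svcb->dname);` leaves a dangling pointer inside a serialisation routine, so the string's lifetime now depends on dns_save() running exactly once for each answer. If an answer can be released without being saved, dname leaks, and if this case could ever run twice for the same object it becomes a double free; neither path is visible here. Clearing the field right after the free, `answer->svcb->dname = NULL;`, makes a repeat harmless, and freeing dname where the svcb structure itself is released would be the more robust place. The rest of the DNS_RR_HTTPS case lies outside the hunk.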
@@ -51,7 +51,7 @@ sub doGeo {
 sub doFuzz2Pcap {
 my @files = @ARGV;
 foreach my $file (@files) {
- print "$file\n";;
+ print "$file\n";
 open my $in, '<', "$file" or die "error opening $file: $!";
 open my $out, '>', "$file.pcap" or die "error opening $file.pcap: $!";
 binmode($in);
@@ -62,7 +62,7 @@ sub doFuzz2Pcap {
 my $len = length($buf);
- # Pcap header
+ # Pcap file header
 syswrite($out, pack('H*', "d4c3b2a1020004000000000000000000ffff000001000000"));
 my $pos = 0;
@@ -81,6 +81,49 @@ sub doFuzz2Pcap {
 }
 }
 ################################################################################
+sub doFuzz2PcapAll {
+ die " [,,]" if ($#ARGV < 1);
+
+ open my $out, '>', $ARGV[0] or die "error opening $ARGV[0]: $!";
+ binmode($out);
+
+ shift @ARGV;
+
+ # Pcap file header
+ syswrite($out, pack('H*', "d4c3b2a1020004000000000000000000ffff000001000000"));
+
+ my $num = 0;
+
+ foreach my $glob (@ARGV) {
+ print "$glob\n";
+ foreach my $file (glob $glob) {
+ print " $file\n";
+ open my $in, '<', "$file" or die "error opening $file: $!";
+ binmode($in);
+
+ my $buf;
+ read($in, $buf, 1000000);
+
+ my $len = length($buf);
+
+ my $pos = 0;
+ while ($pos < $len) {
+ my $ilen = unpack("x${pos}n", $buf);
+ last if ($pos + $ilen + 2 >= $len);
+ $pos += 2;
+ syswrite($out, pack('VH*VV', $num, "00000000", $ilen, $ilen));
+ syswrite($out, $buf, $ilen, $pos);
+ $pos += $ilen;
+ $num++;
+ }
+
+ close($in);
+ }
+ }
+ print "$num files\n";
+ close($out);
+}
+################################################################################
 sub sortObj {
 my ($parentkey,$obj) = @_;
 for my $key (keys %{$obj}) {
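Review bot: In doFuzz2PcapAll the record loop reads the two-byte length before checking that two bytes remain, and `last if ($pos + $ilen + 2 >= $len);` also discards a final record that ends exactly at the end of the buffer. With a single trailing byte `unpack` yields undef and the comparison proceeds on it. Unless the `>=` deliberately mirrors the fuzz harness, a guard `last if ($pos + 2 > $len);` before the unpack and `last if ($pos + 2 + $ilen > $len);` after it would cover both cases. The return value of `read` is not checked and input beyond 1000000 bytes is dropped silently, and `print "$num files\n";` reports packets written, not files.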
@@ -459,7 +502,7 @@ sub doViewer {
 } elsif ($ARGV[0] eq "--copy") {
 $main::copy = "--copy";
 shift @ARGV;
- } elsif ($ARGV[0] =~ /^--(viewer|fix|make|capture|viewernostart|viewerstart|viewerhang|viewerload|help|reip|fuzz|fuzz2pcap)$/) {
+ } elsif ($ARGV[0] =~ /^--(viewer|fix|make|capture|viewernostart|viewerstart|viewerhang|viewerload|help|reip|fuzz|fuzz2pcap|fuzz2pcapAll)$/) {
 $main::cmd = $ARGV[0];
 shift @ARGV;
 } elsif ($ARGV[0] =~ /^--/) {
@@ -484,23 +527,26 @@ sub doViewer {
 system($cmd);
 } elsif ($main::cmd eq "--fuzz2pcap") {
 doFuzz2Pcap();
+} elsif ($main::cmd eq "--fuzz2pcapAll") {
+ doFuzz2PcapAll();
 } elsif ($main::cmd eq "--help") {
 print "$ARGV[0] [OPTIONS] [COMMAND] files\n";
 print "Options:\n";
- print " --elasticsearch Set elasticsearch URL\n";
- print " --debug Turn on debuggin\n";
- print " --valgrind Use valgrind on capture\n";
+ print " --elasticsearch Set elasticsearch URL\n";
+ print " --debug Turn on debuggin\n";
+ print " --valgrind Use valgrind on capture\n";
 print "\n";
 print "Commands:\n";
- print " --help This help\n";
- print " --make Create a .test file for each .pcap file on command line\n";
- print " --reip file ip newip Create file.tmp, replace ip with newip\n";
- print " --viewer viewer tests\n";
- print " This will init local ES, import data, start a viewer, run tests\n";
- print " --viewerstart Viewer tests without reloading pcap\n";
- print " --fuzz [fuzzoptions] Run fuzzloch\n";
- print " --fuzz2pcap Convert a fuzzloch crash file into a pcap file\n";
- print " [default] [pcap files] Run each .pcap (default pcap/*.pcap) file thru ../capture/capture and compare to .test file\n";
+ print " --help This help\n";
+ print " --make Create a .test file for each .pcap file on command line\n";
+ print " --reip file ip newip Create file.tmp, replace ip with newip\n";
+ print " --viewer viewer tests\n";
+ print " This will init local ES, import data, start a viewer, run tests\n";
+ print " --viewerstart Viewer tests without reloading pcap\n";
+ print " --fuzz [fuzzoptions] Run fuzzloch\n";
+ print " --fuzz2pcap Convert list of fuzzloch crash file into matching pcap file\n";
+ print " --fuzz2pcapAll Convert list of fuzzloch crash file into all.pcap file\n";
+ print " [default] [pcap files] Run each .pcap (default pcap/*.pcap) file thru ../capture/capture and compare to .test file\n";
 } elsif ($main::cmd =~ "^--viewer") {
 doGeo();
 setpgrp $$, 0;
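Review bot: The new help line says --fuzz2pcapAll writes to all.pcap, but doFuzz2PcapAll opens `$ARGV[0]` with '>' and treats only the remaining arguments as globs. If the help text really reads as shown here, someone who follows it and passes only crash files would have the first one truncated. Naming the arguments in the help removes that trap, for example `print "  --fuzz2pcapAll out.pcap globs  Write packets from all matching fuzzloch crash files into out.pcap\n";`. The enclosing if/elsif chain starts and ends outside the hunk.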