BIG OOPS. I mis-matched the code snippet in my original email. Correct
snippet for Line 156 is shown below:
Source File: icap-analyzer-http.pac
Multiple calls to HTTP_Analyzer::DeliverStream()
Source File: HTTP.cc
Line 875, void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
...
Line 1018, case EXPECT_REPLY_MESSAGE:
Line 1019, reply_message->Deliver(len, line, 1);
Line 78, void HTTP_Entity::Deliver(int len, const char* data, int trailing_CRLF)
...
Line 154, else if( content_length >= 0 )
Line 155, {
Line 156, ASSERT(! trailing_CRLF);
As you can see, Line 1019 passes '1' as the value for trailing_CRLF and then
Line 156 complains if the value is '1', causing Bro to abort.
Mark
From: Fernandez, Mark I
Sent: Tuesday, November 01, 2016 9:45 AM
To: '[email protected]' <[email protected]>
Subject: Bro Debug Mode :: Assert Failed in HTTP.cc Line 156
Bro Dev Team,
While trying to translate the ICAP Analyzer into a Bro Plugin, I discovered
that my ICAP Analyzer fails an assertion in HTTP.cc Line 156. I discovered it
only recently because last week I compiled Bro in debug mode for the first time
in order to troubleshoot the Plugin. (Fact: I never compiled Bro in debug mode
when originally developing the ICAP Analyzer last year, didn't need to do so at
the time.)
Shown below is a sample of the code trace, starting in the ICAP Analyzer and
transiting into the HTTP Analyzer.
Source File: icap-analyzer-http.pac
Multiple calls to HTTP_Analyzer::DeliverStream()
Source File: HTTP.cc
Line 875, void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig)
...
Line 1018, case EXPECT_REPLY_MESSAGE:
Line 1019, reply_message->Deliver(len, line, 1);
Line 78, void HTTP_Entity::Deliver(int len, const char* data, int trailing_CRLF)
...
Line 133, case EXPECT_CHUNK_DATA:
Line 134, ASSERT(! trailing_CRLF);
As you can see, Line 1019 passes '1' as the value for trailing_CRLF and then
Line 134 complains if the value is '1', causing Bro to abort.
When compiled in release mode, this failed assert does not affect operations.
The ICAP Analyzer is able to inject the ICAP payload into the HTTP Analyzer,
and it functions as expected. However, in debug mode, the failed assert causes
Bro to abort. I thought this was unusual, and I wanted to report it.
Cheers!
Mark
Mark I. Fernandez
MITRE Corporation
Email: [email protected]
MITRE is a not-for-profit corporation that operates
several Federally Funded Research and Development
Centers (FFRDCs) in the interests of the US Government.