a887982e58
Update to 2.5.4 which fixes multiple memory allocation issues: - Multiple fixes and improvements to BinPAC generated code related to array parsing, with potential impact to all Bro's BinPAC-generated analyzers in the form of buffer over-reads or other invalid memory accesses depending on whether a particular analyzer incorrectly assumed that the evaulated-array-length expression is actually the number of elements that were parsed out from the input. - The NCP analyzer (not enabled by default and also updated to actually work with newer Bro APIs in the release) performed a memory allocation based directly on a field in the input packet and using signed integer storage. This could result in a signed integer overflow and memory allocations of negative or very large size, leading to a crash or memory exhaustion. The new NCP::max_frame_size tuning option now limits the maximum amount of memory that can be allocated. Other fixes: - A memory leak in the SMBv1 analyzer. - The MySQL analyzer was generally not working as intended, for example, it now is able to parse responses that contain multiple results/rows. Add gettext-runtime to USES to address a poudriere testport warning. Reviewed by: matthew (mentor) Approved by: matthew (mentor) Security: 2f4fd3aa-32f8-4116-92f2-68f05398348e Differential Revision: https://reviews.freebsd.org/D15678 Approved by: ports-secteam (feld), matthew (mentor) |
||
|---|---|---|
| .. | ||
| files | ||
| distinfo | ||
| Makefile | ||
| pkg-descr | ||
| pkg-plist | ||