Next: , Previous: Run-time errors for non-existing connections, Up: Predefined Functions



6.2.2 Run-time errors for strings with NULs

While Bro allows NULs embedded within strings (See XXX), for many of the predefined functions, their presence spells trouble, particularly when the string is being passed to a C run-time function. The same holds for strings that are not NUL-terminated. Because Bro string constants and values returned by Bro functions that construct strings such as fmt and cat are all NUL-terminated, such strings will not ordinarily arise; but their presence could indicate an attacker attempting to manipulate either a TCP endpoint, or the monitor itself, into misinterpreting a string they're sending.

In general, any of the functions above that are passed a string argument will check for the presence of an embedded NUL or the lack of a terminating NUL. If either occurs, they generate a run-time message, and the string is transformed into the value "<string-with-NUL>".

There are three exceptions: clean, byte_len, and sub_bytes. These functions do not complain about embedded NULs or lack of trailing NULs.