Run-time errors for strings with NULs
While Bro allows NULs embedded within strings (see XXX), for many of the predefined functions, their presence spells trouble, particularly when the string is being passed to a C run-time function. The same holds for strings that are not NUL-terminated. Because Bro string constants and values returned by Bro functions that construct strings such as fmt and cat are all NUL-terminated, such strings will not ordinarily arise; but their presence could indicate an attacker attempting to manipulate either a TCP endpoint, or the monitor itself, into misinterpreting a string they're sending.
In general, any of the functions above that are passed a string argument will check for the presence of an embedded NUL or the lack of a terminating NUL. If either occurs, they generate a run-time message, and the string is transformed into the value "<string-with-NUL>".
There are three exceptions: clean, byte_len, and sub_bytes. These functions do not complain about embedded NULs or lack of trailing NULs.
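
The check described above, sketched in C as an added example (this is not Bro's source code). The counted_str type, the function names and the sample strings are hypothetical and constructed for illustration; only the "<string-with-NUL>" replacement value comes from the text.

```c
#include <stdio.h>
#include <string.h>

#define PLACEHOLDER "<string-with-NUL>"

/* Hypothetical counted string: len covers every byte in buf,
   including the trailing NUL when there is one. */
struct counted_str { const char *buf; size_t len; };

enum nul_status { STR_OK, STR_EMBEDDED_NUL, STR_NO_TERMINATOR };

enum nul_status classify(struct counted_str s)
{
    if (s.len == 0 || s.buf[s.len - 1] != '\0')
        return STR_NO_TERMINATOR;
    /* memchr is bounded by the length we pass, unlike strchr/strlen. */
    if (memchr(s.buf, '\0', s.len - 1) != NULL)
        return STR_EMBEDDED_NUL;
    return STR_OK;
}

/* Bytes a C run-time function would see: everything before the first NUL.
   With no NUL at all it would keep reading past the end of the buffer. */
size_t c_visible_len(struct counted_str s)
{
    const char *nul = memchr(s.buf, '\0', s.len);
    return nul ? (size_t)(nul - s.buf) : s.len;
}

/* Return a pointer that is safe to hand to C run-time functions. */
const char *checked_c_str(struct counted_str s)
{
    enum nul_status st = classify(s);
    if (st == STR_OK)
        return s.buf;
    fprintf(stderr, "run-time error: string %s\n",
            st == STR_EMBEDDED_NUL ? "has an embedded NUL"
                                   : "is not NUL-terminated");
    return PLACEHOLDER;
}

int main(void)
{
    static const char raw[] = { 'a', 'b', 'c' };           /* constructed: no terminator */
    struct counted_str ok  = { "abc", 4 };                 /* constructed */
    struct counted_str emb = { "abc\0def", 8 };            /* constructed: embedded NUL */
    struct counted_str unt = { raw, sizeof raw };
    printf("%s\n%s (C sees %zu of %zu bytes)\n%s\n", checked_c_str(ok),
           checked_c_str(emb), c_visible_len(emb), emb.len - 1, checked_c_str(unt));
    return 0;
}
```

The embedded-NUL case shows the misinterpretation risk: the monitor holds seven payload bytes, while a C function handed the raw buffer would stop after three.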