USArmyResearchLab / Dshell

Dshell is a network forensic analysis framework.

Fixed UDP maxblobs bug in dshell.py #100

Closed dev195 closed 7 years ago

dev195 commented 7 years ago

Fixed a bug in dshell.py that involved how UDPDecoders handled maxblobs.

When maxblobs is hit in the track function, it resets the Connection object. However, for UDPDecoder objects, an extra step is necessary to set the offsets to zero when creating new Connection objects. Not doing this raises an exception when using newly created Connections:

WARNING:testudp:unsupported operand type(s) for +: 'NoneType' and 'int'
Traceback (most recent call last):
  File "/home/user/dshell/lib/dshell.py", line 644, in UDP
    self.track(addr, data, ts, **kwargs)
  File "/home/user/dshell/lib/dshell.py", line 401, in track
    blob = conn.update(ts, direction, data, offset=offset)
  File "/home/user/dshell/lib/dshell.py", line 973, in update
    self.blobs[-1].update(ts, data, offset=offset)  # update latest blob
  File "/home/user/dshell/lib/dshell.py", line 1037, in update
    if (offset + len(data)) & self.MAX_OFFSET >= self.endoffset:
TypeError: unsupported operand type(s) for +: 'NoneType' and 'int'

This patch hopefully fixes the bug by moving when Blobs are handled and when Connections are created after hitting maxblobs. It also has the UDP function check for None offsets, indicating that a Connection is new, and set them to 0.
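
The failure and the None check described in this pull request, as a simplified model added here for illustration; it is not Dshell's code or the patch itself. The class layout, `UDPTracker`, `nextoffset`, `normalize_offsets` and the mask value are assumptions, while `MAX_OFFSET`, `endoffset`, `blobs` and `maxblobs` reuse names visible in the traceback and description.

```python
# Simplified model (assumption), not Dshell's implementation.
MAX_OFFSET = 0xFFFFFFFF  # assumed wrap mask; only the name comes from the traceback


class Blob:
    def __init__(self):
        self.data = b""
        self.endoffset = 0

    def update(self, data, offset):
        # Same shape as the expression in the traceback:
        # a None offset makes "offset + len(data)" raise TypeError.
        end = (offset + len(data)) & MAX_OFFSET
        if end >= self.endoffset:
            self.data += data
            self.endoffset = end


class Connection:
    def __init__(self):
        self.blobs = [Blob()]
        self.nextoffset = None  # None marks a Connection that has seen no data

    def update(self, data, offset):
        self.blobs[-1].update(data, offset)
        self.nextoffset = self.blobs[-1].endoffset


class UDPTracker:
    """Hypothetical stand-in for a UDP decoder that enforces maxblobs."""

    def __init__(self, maxblobs, normalize_offsets):
        self.maxblobs = maxblobs
        self.normalize_offsets = normalize_offsets
        self.conn = Connection()
        self.conn.nextoffset = 0  # the first Connection is initialised correctly
        self.seen = 0
        self.closed = []

    def udp(self, data):
        if self.seen >= self.maxblobs:  # maxblobs hit: replace the Connection
            self.closed.append(self.conn)
            self.conn, self.seen = Connection(), 0
        offset = self.conn.nextoffset
        if self.normalize_offsets and offset is None:
            offset = 0  # new Connection: start its offsets at zero
        self.conn.update(data, offset)
        self.seen += 1
```

With `normalize_offsets=False` the first datagram after the reset raises the same `TypeError` as in the traceback, so traffic past `maxblobs` is lost to the decoder; with the check enabled it is tracked in the new Connection.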