Record fields with &default
constructors and expiration attributes may not trigger their timers, causing state leaks
#3513
Labels
Area: Scripting
Complexity: Modest
A cup of tea and an evening (or two) with Zeek.
Implementation: Core
Implementation requires modification of the Zeek core
Type: Bug 🐛
Unexpected behavior or output.
As discussed on Slack, in the following snippet from
SMB::State$recent_files
the&read_expire
timer never applies, causing the set to grow indefinitely:It works when using:
The cause is differing associativity —
vs
as evidenced by the fact that the following does not parse, since the parser has no alternative to fall back to:
A few ideas for fixes:
&default=(string_set() &read_expire=3min)
.&default
implies), because those attributes will be lost if the field is initially missing but later populated. So we could check for that case and generate a warning (or error outright).It might be good to review our attribute code to see whether we have any others that allow expressions that introduce their own attributes.
Scanning the scripts tree finds no other instance where we use
&default
with an expiration timer and a derived type.I'm adding this to 6.2
and the backport list for 6.0.Let's see how we resolve this and determine backporting then.@awelzel, @vpax, fyi.
Related: zeek/zeek-docs#179
The text was updated successfully, but these errors were encountered: