Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

ssl: Only delete c$ssl$analyzer_id when disabling the analyzer was successful

Browse source 
The next patch will have a test script rely on c$ssl$analyzer_id staying
around when disable_analyzer() wasn't successful.

I was tempted to remove the `delete` completely as neither RDP nor SSH
have that and not sure why SSL is special here.
This commit is contained in:
Arne Welzel 2022-08-09 11:05:55 +02:00
parent a15cd2a7b7
commit 02985b9966
1 changed files with 2 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/protocols/ssl/main.zeek
View file

@ -255,11 +255,9 @@ function finish(c: connection, remove_analyzer: bool)
{ {
log_record(c$ssl); log_record(c$ssl);
if ( remove_analyzer && disable_analyzer_after_detection && c?$ssl && c$ssl?$analyzer_id ) if ( remove_analyzer && disable_analyzer_after_detection && c?$ssl && c$ssl?$analyzer_id )
{ if ( disable_analyzer(c$id, c$ssl$analyzer_id) )
disable_analyzer(c$id, c$ssl$analyzer_id);
delete c$ssl$analyzer_id; delete c$ssl$analyzer_id;
} }
}
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5 event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec) &priority=5
{ {