Merge remote-tracking branch 'security/topic/awelzel/200-pop-fuzzer-timeout'

* security/topic/awelzel/200-pop-fuzzer-timeout:
  ssl: Prevent unbounded ssl_history growth
  ssl: Cap number of alerts parsed from SSL record
Tim Wojtulewicz 2023-10-27 11:04:03 -07:00
commit 091c849abe
9 changed files with 79 additions and 1 deletions


@ -4495,6 +4495,11 @@ const SSL::dtls_max_version_errors = 10 &redef;
## Maximum number of invalid version errors to report in one DTLS connection.
const SSL::dtls_max_reported_version_errors = 1 &redef;
## Maximum number of Alert messages parsed from an SSL record with
## content_type alert (21). The remaining alerts are discarded. For
## TLS 1.3 connections, this is implicitly 1 as defined by RFC 8446.
const SSL::max_alerts_per_record = 10 &redef;
}
module GLOBAL;
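Review bot: The doc comment on `SSL::max_alerts_per_record` says the remaining alerts are discarded, but not whether hitting the cap is visible to an analyst. As far as this hunk shows, a record packed with alerts is truncated silently, so alerts past the limit would never reach `ssl_alert` handlers. If the analyzer change elsewhere in this commit raises a weird when the cap is reached, name it here, and also state what a redef to 0 does. Something like `## Alerts beyond the limit generate no ssl_alert events; <say whether a weird is raised and what 0 means>.` would cover both. The export block closed by `}` opens outside the hunk.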