Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge branch 'master' into topic/jsiwek/improve_comm_loop

Browse source
This commit is contained in:
Jon Siwek 2014-09-03 09:20:38 -05:00
commit 26887dd71b
9 changed files with 44 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

11
CHANGES
View file

@ -1,4 +1,15 @@
2.3-129 | 2014-09-02 17:21:21 -0700
* Simplify a conditional with equivalent branches. (Jon Siwek)
* Change EDNS parsing code to use rdlength more cautiously. (Jon
Siwek)
* Fix a memory leak when bind() fails due to EADDRINUSE. (Jon Siwek)
* Fix possible buffer over-read in DNS TSIG parsing. (Jon Siwek)
2.3-124 | 2014-08-26 09:24:19 -0500 2.3-124 | 2014-08-26 09:24:19 -0500
* Better documentation for sub_bytes (Jimmy Jones) * Better documentation for sub_bytes (Jimmy Jones)

2
VERSION
View file

@ -1 +1 @@
2.3-124 2.3-129

1
src/RemoteSerializer.cc
View file

@ -4207,6 +4207,7 @@ bool SocketComm::Listen()
safe_close(fd); safe_close(fd);
CloseListenFDs(); CloseListenFDs();
listen_next_try = time(0) + bind_retry_interval; listen_next_try = time(0) + bind_retry_interval;
freeaddrinfo(res0);
return false; return false;
} }

3
src/Val.cc
View file

@ -465,10 +465,7 @@ void Val::Describe(ODesc* d) const
d->SP(); d->SP();
} }
if ( d->IsReadable() )
ValDescribe(d); ValDescribe(d);
else
Val::ValDescribe(d);
} }
void Val::DescribeReST(ODesc* d) const void Val::DescribeReST(ODesc* d) const

33
src/analyzer/protocol/dns/DNS.cc
View file

@ -692,15 +692,23 @@ int DNS_Interpreter::ParseRR_EDNS(DNS_MsgInfo* msg,
data += rdlength; data += rdlength;
len -= rdlength; len -= rdlength;
} }
else
{ // no data, move on
data += rdlength;
len -= rdlength;
}
return 1; return 1;
} }
void DNS_Interpreter::ExtractOctets(const u_char*& data, int& len,
BroString** p)
{
uint16 dlen = ExtractShort(data, len);
dlen = min(len, static_cast<int>(dlen));
if ( p )
*p = new BroString(data, dlen, 0);
data += dlen;
len -= dlen;
}
int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg, int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength, const u_char*& data, int& len, int rdlength,
const u_char* msg_start) const u_char* msg_start)
@ -718,24 +726,17 @@ int DNS_Interpreter::ParseRR_TSIG(DNS_MsgInfo* msg,
uint32 sign_time_sec = ExtractLong(data, len); uint32 sign_time_sec = ExtractLong(data, len);
unsigned int sign_time_msec = ExtractShort(data, len); unsigned int sign_time_msec = ExtractShort(data, len);
unsigned int fudge = ExtractShort(data, len); unsigned int fudge = ExtractShort(data, len);
BroString* request_MAC;
u_char request_MAC[16]; ExtractOctets(data, len, &request_MAC);
memcpy(request_MAC, data, sizeof(request_MAC));
// Here we adjust the size of the requested MAC + u_int16_t
// for length. See RFC 2845, sec 2.3.
int n = sizeof(request_MAC) + sizeof(u_int16_t);
data += n;
len -= n;
unsigned int orig_id = ExtractShort(data, len); unsigned int orig_id = ExtractShort(data, len);
unsigned int rr_error = ExtractShort(data, len); unsigned int rr_error = ExtractShort(data, len);
ExtractOctets(data, len, 0); // Other Data
msg->tsig = new TSIG_DATA; msg->tsig = new TSIG_DATA;
msg->tsig->alg_name = msg->tsig->alg_name =
new BroString(alg_name, alg_name_end - alg_name, 1); new BroString(alg_name, alg_name_end - alg_name, 1);
msg->tsig->sig = new BroString(request_MAC, sizeof(request_MAC), 1); msg->tsig->sig = request_MAC;
msg->tsig->time_s = sign_time_sec; msg->tsig->time_s = sign_time_sec;
msg->tsig->time_ms = sign_time_msec; msg->tsig->time_ms = sign_time_msec;
msg->tsig->fudge = fudge; msg->tsig->fudge = fudge;

1
src/analyzer/protocol/dns/DNS.h
View file

@ -180,6 +180,7 @@ protected:
uint16 ExtractShort(const u_char*& data, int& len); uint16 ExtractShort(const u_char*& data, int& len);
uint32 ExtractLong(const u_char*& data, int& len); uint32 ExtractLong(const u_char*& data, int& len);
void ExtractOctets(const u_char*& data, int& len, BroString** p);
int ParseRR_Name(DNS_MsgInfo* msg, int ParseRR_Name(DNS_MsgInfo* msg,
const u_char*& data, int& len, int rdlength, const u_char*& data, int& len, int rdlength,

2
testing/btest/Baseline/scripts.base.protocols.dns.tsig/out Normal file
View file

@ -0,0 +1,2 @@
[query=secret-key, qtype=3, alg_name=hmac-md5.sig-alg.reg.int, sig=F\xbd\xbf1\xef^B6\xb8\xeb\xae1u,\x87\xdb^?, time_signed=21513.794, fudge=300.0, orig_id=9703, rr_error=0, is_query=1]
16

BIN
testing/btest/Traces/dns-tsig.trace Normal file
View file

Binary file not shown.

10
testing/btest/scripts/base/protocols/dns/tsig.bro Normal file
View file

@ -0,0 +1,10 @@
# @TEST-EXEC: bro -r $TRACES/dns-tsig.trace %INPUT >out
# @TEST-EXEC: btest-diff out
redef dns_skip_all_addl = F;
event dns_TSIG_addl(c: connection, msg: dns_msg, ans: dns_tsig_additional)
{
print ans;
print |ans$sig|;
}