Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Spicy SSL analyzer: move exceptions to &requires & throw

Browse source 
This commit changes exception handling in a couple of places, to prefer
the use of &requires and throw.
This commit is contained in:
Johanna Amann 2025-06-26 13:38:43 +01:00
parent dbeadc65ba
commit 2ce0d4f73b
1 changed files with 4 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/analyzer/protocol/ssl/spicy/SSL.spicy
View file

@ -721,7 +721,7 @@ type SSL2Record = unit(lengthone: uint8, inout msg: Message, inout sh: Share) {
on %init { on %init {
if (sh.negotiated_version != UNKNOWN_VERSION && sh.negotiated_version != SSLv2) { if (sh.negotiated_version != UNKNOWN_VERSION && sh.negotiated_version != SSLv2) {
spicy::decline_input("Late switch to SSLv2 record"); throw "Late switch to SSLv2 record";
} }
} }
}; };
@ -971,7 +971,7 @@ type uint24 = unit {
type SSL2ClientHello = unit(len: uint64, msg: Message, inout sh: Share) { type SSL2ClientHello = unit(len: uint64, msg: Message, inout sh: Share) {
direction_check: DirectionCheck(sh, True); # should be sent by originator direction_check: DirectionCheck(sh, True); # should be sent by originator
client_version: uint16; client_version: uint16 &requires=($$ == SSLv2 || $$ == SSLv3 || $$ == TLSv10 || $$ == TLSv11 || $$ == TLSv12 : "Invalid version in SSL client hello. Version: %s" % $$);
ciphers_len: uint16; ciphers_len: uint16;
session_len: uint16; session_len: uint16;
chal_len: uint16; chal_len: uint16;
@ -979,16 +979,9 @@ type SSL2ClientHello = unit(len: uint64, msg: Message, inout sh: Share) {
session_id: bytes &size=self.session_len; session_id: bytes &size=self.session_len;
challenge: bytes &size=self.chal_len; challenge: bytes &size=self.chal_len;
on client_version {
if (self.client_version != SSLv2 && self.client_version != SSLv3 && self.client_version != TLSv10 && self.client_version != TLSv11 && self.client_version != TLSv12) {
spicy::decline_input("Invalid version in SSL client hello. Version: %s, self.client_version"); # Version: " + self.client_version);
zeek::skip_input();
}
}
on %init { on %init {
if (msg.first_packet == False) { if (msg.first_packet == False) {
spicy::decline_input("SSLv2 client hello late in connection"); throw "SSLv2 client hello late in connection";
} }
} }
}; };
@ -1007,7 +1000,7 @@ type SSL2ServerHello = unit(len: uint64, msg: Message, inout sh: Share) {
on %init { on %init {
if (msg.first_packet == False) { if (msg.first_packet == False) {
spicy::decline_input("SSLv2 server hello late in connection"); throw "SSLv2 server hello late in connection";
} }
} }