add a max_line_length flag to ContentLine_Analyzer

In ContentLine_Analyzer, prevent excessively long lines being assembled.
The line length will default to just under 16MB, but can be overridden on
a per-analyzer basis.  This is done for the finger, ident, and irc
analyzers.
Justin Azoff 2017-11-03 16:13:18 -04:00
parent b6e3603481
commit 43b2b9806e
9 changed files with 40 additions and 12 deletions


@ -7,14 +7,14 @@
using namespace analyzer::tcp;
ContentLine_Analyzer::ContentLine_Analyzer(Connection* conn, bool orig)
: TCP_SupportAnalyzer("CONTENTLINE", conn, orig)
ContentLine_Analyzer::ContentLine_Analyzer(Connection* conn, bool orig, int max_line_length)
: TCP_SupportAnalyzer("CONTENTLINE", conn, orig), max_line_length(max_line_length)
{
InitState();
}
ContentLine_Analyzer::ContentLine_Analyzer(const char* name, Connection* conn, bool orig)
: TCP_SupportAnalyzer(name, conn, orig)
ContentLine_Analyzer::ContentLine_Analyzer(const char* name, Connection* conn, bool orig, int max_line_length)
: TCP_SupportAnalyzer(name, conn, orig), max_line_length(max_line_length)
{
InitState();
}
@ -229,6 +229,11 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
return seq_len; \
}
if ( offset > max_line_length )
{
Weird("contentline_size_exceeded");
EMIT_LINE
}
switch ( c ) {
case '\r':
// Look ahead for '\n'.
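Review bot: The forced split at `if ( offset > max_line_length )` sends the over-long prefix through `EMIT_LINE`, the same path a real terminator takes, so the analyzers on top of this one receive the tail of that line as if it were a new line, and only the `contentline_size_exceeded` weird records that it was not. Since the peer chooses the line length, that contract should be written down at the check, for example `// Forced split at max_line_length: the remainder is delivered as a new line, not a terminator-delimited one.` `EMIT_LINE` is defined above this hunk and DoDeliverOnce continues below it; if the macro counts the current byte `c` as consumed, that byte never reaches the buffer on this path, which is worth checking. Both constructors in the first hunk also take `int max_line_length` unchecked, so a zero or negative value would hit this branch on almost every byte; `assert(max_line_length > 0);` in each constructor body would catch it.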