From 55ce8310a07e24dc26e8293623fae4d3f030dcbe Mon Sep 17 00:00:00 2001
From: Johanna Amann
Date: Mon, 30 Mar 2015 11:36:01 -0700
Subject: [PATCH] Limit maximum number of DTLS fragments to 30.

Addresses BIT-1359
---
 src/analyzer/protocol/ssl/dtls-analyzer.pac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/analyzer/protocol/ssl/dtls-analyzer.pac b/src/analyzer/protocol/ssl/dtls-analyzer.pac
index f4c2df9e3f..a71658f2df 100644
--- a/src/analyzer/protocol/ssl/dtls-analyzer.pac
+++ b/src/analyzer/protocol/ssl/dtls-analyzer.pac
@@ -122,9 +122,9 @@ refine connection SSL_Conn += {
 if ( i->message_last_sequence != 0 && i->first_sequence_seen )
 {
 uint64 total_length = i->message_last_sequence - i->message_first_sequence;
- if ( total_length > 32 )
+ if ( total_length > 30 )
 {
- bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 32 pieces. Cannot reassemble."));
+ bro_analyzer()->ProtocolViolation(fmt("DTLS Message fragmented over more than 30 pieces. Cannot reassemble."));
 return true;
 }
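Review bot: The new threshold and the message it emits disagree by one: `total_length` is the distance `message_last_sequence - message_first_sequence`, so a message whose fragments span sequence numbers 0..30 (31 pieces) has `total_length == 30` and passes the `> 30` check, while the violation text claims rejection above 30 pieces. Either compare with `>= 30` if 30 fragments is the intended ceiling, or reword the message to say 31. The limit now lives in two places (the comparison and the string), which is exactly how a change like this one drifts; a named constant, e.g. `const uint64 max_dtls_fragments = 30;`, used in the comparison and passed to the `fmt()` call keeps them in sync. The commit does not say why 30 was chosen (presumably a fixed-size reassembly structure this check protects, given BIT-1359), so a one-line comment above the check naming that limit would help the next maintainer; note that because the subtraction is unsigned, a `message_last_sequence` below `message_first_sequence` wraps to a huge value and is rejected by the same check, which is worth stating too. The enclosing `SSL_Conn` refinement starts before this hunk and continues after it.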