Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 16:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ssl: Prevent unbounded ssl_history growth

Browse source 
The ssl_history field may grow unbounded (e.g., ssl_alert event). Prevent this
by capping using a configurable limit (default 100) and raise a weird once reached.
This commit is contained in:
Arne Welzel 2023-10-19 16:32:12 +02:00 committed by Tim Wojtulewicz
parent 39a7375f0c
commit 5984792f04
6 changed files with 33 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/scripts/base/protocols/ssl/max-history-length.test Normal file
View file

@ -0,0 +1,12 @@
# Test max history length functionality
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace
# @TEST-EXEC: zeek-cut uid ssl_history < ssl.log > ssl-max-history-length-default.log
# @TEST-EXEC: btest-diff ssl-max-history-length-default.log
# @TEST-EXEC: ! test -f weird.log
#
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace SSL::max_ssl_history_length=3
# @TEST-EXEC: zeek-cut uid ssl_history < ssl.log > ssl-max-history-length-3.log
# @TEST-EXEC: zeek-cut uid name < weird.log > weird-max-history-length-3.log
# @TEST-EXEC: btest-diff ssl-max-history-length-3.log
# @TEST-EXEC: btest-diff weird-max-history-length-3.log