* 'patch-1' of https://github.com/fatemabw/zeek:
  Patch for the Revoked bit set in DNSKEY Flag
Jon Siwek 2019-01-16 10:57:10 -06:00
commit 5eab9b9d47
3 changed files with 13 additions and 2 deletions


@ -924,9 +924,16 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
//Evaluating the size of remaining bytes for Public Key
BroString* key = ExtractStream(data, len, rdlength - 4);
if ( dflags != 256 and dflags != 257 and dflags != 0 )
// flags bit 7: zone key
// flags bit 8: revoked
// flags bit 15: Secure Entry Point, key signing key
if ( (dflags & 0xfe7e) != 0 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags));
// flags bit 7, 8, and 15 all set
if ( (dflags & 0x0181) == 0x0181 )
analyzer->Weird("DNSSEC_DNSKEY_Revoked_KSK", fmt("%d", dflags));
if ( dprotocol != 3 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol));
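Review bot: The masks `0xfe7e` and `0x0181` on the two new `if` lines encode the bit comments above them, but the derivation is left to the reader, so a later maintainer cannot audit the check against the DNSKEY flag layout (RFC 4034 zone-key and SEP bits, RFC 5011 REVOKE bit) without recomputing it; a comment such as `// assigned bits: 7 = 0x0100 (ZONE), 8 = 0x0080 (REVOKE), 15 = 0x0001 (SEP); every other bit (0xfe7e) must be clear` would fix that. Naming the three bit values once and building both masks from them would also keep the two checks from drifting apart if another flag is ever assigned. The Weird payloads print the flags with `%d`; for a bit field a hex format would be easier to read, though the line being replaced used `%d` too, so this is only a style remark. ParseRR_DNSKEY starts and ends outside the hunk.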