* 'patch-1' of https://github.com/fatemabw/zeek:
  Patch for the Revoked bit set in DNSKEY Flag
This commit is contained in:
Jon Siwek 2019-01-16 10:57:10 -06:00
commit 5eab9b9d47
3 changed files with 13 additions and 2 deletions


@ -1,4 +1,8 @@
2.6-80 | 2019-01-16 11:14:47 -0600
* Patch to recognized the Revoked bit in DNSKEY Flag (Fatema BW)
2.6-77 | 2019-01-15 14:24:55 -0600 2.6-77 | 2019-01-15 14:24:55 -0600
* GH-170: fix segfault triggered by invalid pattern symbols (Jon Siwek, Corelight) * GH-170: fix segfault triggered by invalid pattern symbols (Jon Siwek, Corelight)


@ -1 +1 @@
2.6-77 2.6-80


@ -924,9 +924,16 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
//Evaluating the size of remaining bytes for Public Key //Evaluating the size of remaining bytes for Public Key
BroString* key = ExtractStream(data, len, rdlength - 4); BroString* key = ExtractStream(data, len, rdlength - 4);
if ( dflags != 256 and dflags != 257 and dflags != 0 ) // flags bit 7: zone key
// flags bit 8: revoked
// flags bit 15: Secure Entry Point, key signing key
if ( (dflags & 0xfe7e) != 0 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags)); analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags));
// flags bit 7, 8, and 15 all set
if ( (dflags & 0x0181) == 0x0181 )
analyzer->Weird("DNSSEC_DNSKEY_Revoked_KSK", fmt("%d", dflags));
if ( dprotocol != 3 ) if ( dprotocol != 3 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol)); analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol));
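Review bot: The new comments number the flag bits in RFC 4034 wire order (bit 0 = most significant), so "bit 7", "bit 8" and "bit 15" correspond to 0x0100, 0x0080 and 0x0001, which is the opposite of how a reader decodes the bare masks `0xfe7e` and `0x0181` on the two new `if` lines; stating that convention once would make the masks verifiable at a glance, e.g. `// Flag bits numbered as in RFC 4034 §2.1.1 (MSB first): bit 7 = 0x0100 zone key, bit 8 = 0x0080 revoke (RFC 5011), bit 15 = 0x0001 SEP`. The magic numbers would be clearer as named constants built from those three values, e.g. `const unsigned int DNSKEY_FLAG_ZONE_KEY = 0x0100, DNSKEY_FLAG_REVOKE = 0x0080, DNSKEY_FLAG_SEP = 0x0001;` and `if ( (dflags & ~(DNSKEY_FLAG_ZONE_KEY | DNSKEY_FLAG_REVOKE | DNSKEY_FLAG_SEP)) != 0 )`, with the exact type taken from dflags' declaration, which is outside this hunk. The `DNSSEC_DNSKEY_Revoked_KSK` weird reports a key state that RFC 5011 defines as a legitimate trust-anchor rollover step rather than malformed data, so a one-line comment saying this weird is informational would help whoever triages weird.log. ParseRR_DNSKEY starts before this hunk and continues past it.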