Add TCP options bad length check

Fatema BW 2022-07-28 22:51:15 -07:00 committed by GitHub
parent 28081d1efa
commit 622733c4ba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1803,6 +1803,50 @@ int TCPSessionAdapter::ParseTCPOptions(const struct tcphdr* tcp, bool is_orig)
}
break;
case 27:
// TCP Quick Start Response
if ( length == 8)
{
auto rate = o[2];
auto ttl_diff = o[3];
auto qs_nonce = ntohl(*reinterpret_cast<const uint32_t*>(o + 4));
option_record->Assign(8, rate);
option_record->Assign(9, ttl_diff);
option_record->Assign(10, qs_nonce);
}
else
{
add_option_data(option_record, o, length);
Weird("tcp_option_QSResponse_invalid_len", util::fmt("%d", length));
}
break;
case 28:
// TCP User Timeout option UTO
if ( length != 4 )
{
add_option_data(option_record, o, length);
Weird("tcp_option_UTO_invalid_len", util::fmt("%d", length));
}
break;
case 29:
// TCP Auth Option AO
if ( length < 4 )
{
add_option_data(option_record, o, length);
Weird("tcp_option_AO_invalid_len", util::fmt("%d", length));
}
break;
case 34:
// TCP Fast open TFO
if ( (length != 2) && (length < 6 || length > 18) )
{
add_option_data(option_record, o, length);
Weird("tcp_option_TFO_invalid_len", util::fmt("%d", length));
}
break;
default:
add_option_data(option_record, o, length);
break;
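Review bot: In the new `case 28`, `case 29` and `case 34` branches a well-formed option no longer reaches the record, because `add_option_data(option_record, o, length);` runs only on the invalid-length path, while the `default:` arm these kinds used to fall into calls it for every option. If that loss is not intended, hoist the call above the `if` in each of the three cases so that only the `Weird(...)` stays conditional; TCP-AO and Fast Open contents are worth keeping for later analysis. The Fast Open test also lets odd lengths through, although RFC 7413 requires an even length between 6 and 18, so the condition could read `if ( (length != 2) && (length < 6 || length > 18 || (length % 2) != 0) )`. In `case 27` the reads of `o[2]` through `o[7]` depend on `length` having been checked against the remaining option bytes, presumably earlier in ParseTCPOptions, outside this hunk.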