Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/seth/dns-srv-fix'

Browse source 
* origin/topic/seth/dns-srv-fix:
  No longer accidentally attempting to parse NBSTAT RRs as SRV RRs.
  Fix DNS SRV responses and a small issue with NBNS queries and label length.

BIT-1147 #merged
This commit is contained in:
Robin Sommer 2014-03-09 08:57:37 -07:00
commit 69d52feb18
6 changed files with 67 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

36
src/analyzer/protocol/dns/DNS.cc
View file

@ -208,6 +208,7 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
int name_len = sizeof(name) - 1;
u_char* name_end = ExtractName(data, len, name, name_len, msg_start);
if ( ! name_end )
return 0;
@ -275,7 +276,17 @@ int DNS_Interpreter::ParseAnswer(DNS_MsgInfo* msg,
break;
case TYPE_SRV:
status = ParseRR_SRV(msg, data, len, rdlength, msg_start);
if ( ntohs(analyzer->Conn()->RespPort()) == 137 )
{
// This is an NBSTAT (NetBIOS NODE STATUS) record.
// The SRV RFC reused the value that was already being
// used for this.
// We aren't parsing this yet.
status = 1;
}
else
status = ParseRR_SRV(msg, data, len, rdlength, msg_start);
break;
case TYPE_EDNS:
@ -400,7 +411,9 @@ int DNS_Interpreter::ExtractLabel(const u_char*& data, int& len,
return 0;
}
if ( label_len > 63 )
if ( label_len > 63 &&
// NetBIOS name service look ups can use longer labels.
ntohs(analyzer->Conn()->RespPort()) != 137 )
{
analyzer->Weird("DNS_label_too_long");
return 0;
@ -633,15 +646,24 @@ int DNS_Interpreter::ParseRR_SRV(DNS_MsgInfo* msg,
u_char* name_end = ExtractName(data, len, name, name_len, msg_start);
if ( ! name_end )
return 0;
*name_end = 0; // terminate name so we can use it in snprintf()
if ( data - data_start != rdlength )
analyzer->Weird("DNS_RR_length_mismatch");
// The following is just a placeholder.
char buf[2048];
safe_snprintf(buf, sizeof(buf), "SRV %s priority=%d weight=%d port=%d",
name, priority, weight, port);
if ( dns_SRV_reply && ! msg->skip_event )
{
val_list* vl = new val_list;
vl->append(analyzer->BuildConnVal());
vl->append(msg->BuildHdrVal());
vl->append(msg->BuildAnswerVal());
vl->append(new StringVal(new BroString(name, name_end - name, 1)));
vl->append(new Val(priority, TYPE_COUNT));
vl->append(new Val(weight, TYPE_COUNT));
vl->append(new Val(port, TYPE_COUNT));
analyzer->ConnectionEvent(dns_SRV_reply, vl);
}
return 1;
}