Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 05:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fix binpac exception in RFB analyzer.

Browse source 
The RFB analyzer's state machine did not foresee that a server could
send two subsequent messages in one packet. This would result in the
error. Patch by Martin van Hensbergen.
This commit is contained in:
Robin Sommer 2016-06-06 18:06:23 -07:00
parent 17dc28b8a8
commit 83639e9147
2 changed files with 7 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/analyzer/protocol/rfb/rfb-analyzer.pac
View file

@ -150,8 +150,12 @@ refine connection RFB_Conn += {
} }
if ( msg->sectype() == 2 ) if ( msg->sectype() == 2 )
{ //VNC { // VNC
state = AWAITING_SERVER_CHALLENGE; if ( ${msg.possible_challenge}.length() == 16 )
// Challenge was already sent with this message
state = AWAITING_CLIENT_RESPONSE;
else
state = AWAITING_SERVER_CHALLENGE;
} }
return true; return true;
%} %}

1
src/analyzer/protocol/rfb/rfb-protocol.pac
View file

@ -28,6 +28,7 @@ type RFBProtocolVersion (client: bool) = record {
type RFBSecurityTypes = record { type RFBSecurityTypes = record {
sectype: uint32; sectype: uint32;
possible_challenge: bytestring &restofdata;
} &let { } &let {
proc: bool = $context.connection.handle_security_types(this); proc: bool = $context.connection.handle_security_types(this);
proc2: bool = $context.flow.proc_security_types(this); proc2: bool = $context.flow.proc_security_types(this);