Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ldap: Avoid unset m$opcode

Browse source 
Initial fuzzing caused a bind response to arrive before a bind request,
resulting in an unset field expression error:

    expression error in base/protocols/ldap/main.zeek, line 270: field value missing (LDAP::m$opcode)

Prevent this by ensuring m$opcode is set and raising instead.
This commit is contained in:
Arne Welzel 2024-08-01 21:11:38 +02:00
parent 92d4e50b48
commit 83a2eb3665
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/protocols/ldap/main.zeek
View file

@ -229,6 +229,10 @@ event LDAP::message(c: connection,
fmt("%s: %s -> %s", message_id, m$opcode, opcode_str), "LDAP");
}
m$opcode = opcode_str;
} else if ( ! m?$opcode ) {
# This can happen if we see a bind response before the bind request.
Reporter::conn_weird("LDAP_bind_without_opcode", c, fmt("%s: %s", message_id, opcode_str), "LDAP");
m$opcode = opcode_str;
}