mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
Fix hang in DNS analyzer with malformed packet
(cherry picked from commit dfc9f77b68f6d02d059ade322b9c132e32c26872)
This commit is contained in:
Tim Wojtulewicz
parent
41aa8b2349
commit
9964a46402
4 changed files with 22 additions and 3 deletions
6
CHANGES
6
CHANGES
|
|
@ -1,3 +1,9 @@
|
||||||
|
5.0.0-dev.572 | 2022-06-03 10:31:51 -0700
|
||||||
|
|
||||||
|
* Fix hang in DNS analyzer with malformed packet (Tim Wojtulewicz, Corelight)
|
||||||
|
|
||||||
|
(cherry picked from commit dfc9f77b68f6d02d059ade322b9c132e32c26872)
|
||||||
|
|
||||||
5.0.0-dev.571 | 2022-06-03 09:50:45 -0700
|
5.0.0-dev.571 | 2022-06-03 09:50:45 -0700
|
||||||
|
|
||||||
* Additional &is_used tags in the Netcontrol and Sumstats frameworks (Christian Kreibich, Corelight)
|
* Additional &is_used tags in the Netcontrol and Sumstats frameworks (Christian Kreibich, Corelight)
|
||||||
|
|
|
||||||
2
VERSION
2
VERSION
|
|
@ -1 +1 @@
|
||||||
5.0.0-dev.571
|
5.0.0-dev.572
|
||||||
|
|
|
||||||
|
|
@ -236,6 +236,11 @@ bool DNS_Interpreter::ParseAnswer(detail::DNS_MsgInfo* msg, const u_char*& data,
|
||||||
analyzer->Weird("DNS_truncated_RR_rdlength_lt_len");
|
analyzer->Weird("DNS_truncated_RR_rdlength_lt_len");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
else if ( rdlength == 0 && len > 0 )
|
||||||
|
{
|
||||||
|
analyzer->Weird("DNS_zero_rdlength");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
bool status;
|
bool status;
|
||||||
switch ( msg->atype )
|
switch ( msg->atype )
|
||||||
|
|
@ -690,8 +695,9 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
|
||||||
analyzer->EnqueueConnEvent(dns_EDNS_addl, analyzer->ConnVal(), msg->BuildHdrVal(),
|
analyzer->EnqueueConnEvent(dns_EDNS_addl, analyzer->ConnVal(), msg->BuildHdrVal(),
|
||||||
msg->BuildEDNS_Val());
|
msg->BuildEDNS_Val());
|
||||||
|
|
||||||
// parse EDNS options
|
// parse EDNS options. length has to be at least 4 to parse out the option
|
||||||
while ( len > 0 )
|
// code and length.
|
||||||
|
while ( len >= 4 )
|
||||||
{
|
{
|
||||||
uint16_t option_code = ExtractShort(data, len);
|
uint16_t option_code = ExtractShort(data, len);
|
||||||
int option_len = ExtractShort(data, len);
|
int option_len = ExtractShort(data, len);
|
||||||
|
|
@ -891,6 +897,12 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( len > 0 )
|
||||||
|
{
|
||||||
|
analyzer->Weird("EDNS_truncated_option");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -12,4 +12,5 @@ XXXXXXXXXX.XXXXXX ClEkJM2Vm5giqnMf4h 74.125.73.76 55744 192.168.90.10 53 EDNS_EC
|
||||||
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 2a00:1450:4013:c03::10a 46433 2001:470:765b::a25:53 53 EDNS_ECS_invalid_addr_v6_prefix 255 bits F zeek DNS
|
XXXXXXXXXX.XXXXXX C4J4Th3PJpwUYZZ6gc 2a00:1450:4013:c03::10a 46433 2001:470:765b::a25:53 53 EDNS_ECS_invalid_addr_v6_prefix 255 bits F zeek DNS
|
||||||
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 2a00:1450:4013:c06::105 63369 2001:470:765b::a25:53 53 EDNS_ECS_invalid_addr_v6 need 66 bits, have 56 bits F zeek DNS
|
XXXXXXXXXX.XXXXXX CtPZjS20MLrsMUOJi2 2a00:1450:4013:c06::105 63369 2001:470:765b::a25:53 53 EDNS_ECS_invalid_addr_v6 need 66 bits, have 56 bits F zeek DNS
|
||||||
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2a00:1450:400c:c00::106 54430 2001:470:765b::a25:53 53 EDNS_ECS_invalid_option_len - F zeek DNS
|
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2a00:1450:400c:c00::106 54430 2001:470:765b::a25:53 53 EDNS_ECS_invalid_option_len - F zeek DNS
|
||||||
|
XXXXXXXXXX.XXXXXX CUM0KZ3MLUfNB0cl11 2a00:1450:400c:c00::106 54430 2001:470:765b::a25:53 53 EDNS_truncated_option - F zeek DNS
|
||||||
#close XXXX-XX-XX-XX-XX-XX
|
#close XXXX-XX-XX-XX-XX-XX
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue