Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Patch for the Revoked bit set in DNSKEY Flag

Browse source 
A patch to parse the Revoked KSK flag combination in DNSKEY RR.
This commit is contained in:
Fatema BW 2019-01-15 17:38:43 -05:00 committed by GitHub
parent 39b1d49fc3
commit ac0ded1e0a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/analyzer/protocol/dns/DNS.cc
View file

@ -924,8 +924,10 @@ int DNS_Interpreter::ParseRR_DNSKEY(DNS_MsgInfo* msg,
//Evaluating the size of remaining bytes for Public Key //Evaluating the size of remaining bytes for Public Key
BroString* key = ExtractStream(data, len, rdlength - 4); BroString* key = ExtractStream(data, len, rdlength - 4);
if ( dflags != 256 and dflags != 257 and dflags != 0 ) if ( dflags != 256 and dflags != 257 and dflags != 0 and dflags != 385 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags)); analyzer->Weird("DNSSEC_DNSKEY_Invalid_Flag", fmt("%d", dflags));
if ( dflags == 385 )
analyzer->Weird("DNSSEC_DNSKEY_Revoked_KSK", fmt("%d", dflags));
if ( dprotocol != 3 ) if ( dprotocol != 3 )
analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol)); analyzer->Weird("DNSSEC_DNSKEY_Invalid_Protocol", fmt("%d", dprotocol));