Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Check for valid ip_hdr length before trying to make a Val out of it

Browse source
This commit is contained in:
Tim Wojtulewicz 2022-08-12 15:01:37 -07:00
parent 8d7a156109
commit b9f63173bc
3 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

12
CHANGES
View file

@ -1,3 +1,15 @@
5.1.0-dev.466 | 2022-08-26 11:00:06 -0700
* Check for valid ip_hdr length before trying to make a Val out of it (Tim Wojtulewicz, Corelight)
* Fix potential overflow in modbus analyzer's bytestring_to_coils (Tim Wojtulewicz, Corelight)
* Add some sanity checking to BadARPEvent method (Tim Wojtulewicz, Corelight)
* Swap DNS EDNS field order to match script-land type (Tim Wojtulewicz, Corelight)
* Reset packet cap_len before returning from IP::AnalyzePacket (Tim Wojtulewicz, Corelight)
5.1.0-dev.461 | 2022-08-26 09:09:23 -0700 5.1.0-dev.461 | 2022-08-26 09:09:23 -0700
* Revert to regular peering fn for ssl_auth_failure (Dominik Charousset, Corelight) * Revert to regular peering fn for ssl_auth_failure (Dominik Charousset, Corelight)

2
VERSION
View file

@ -1 +1 @@
5.1.0-dev.461 5.1.0-dev.466

2
src/iosource/Packet.cc
View file

@ -142,7 +142,7 @@ RecordValPtr Packet::ToRawPktHdrVal() const
pkt_hdr->Assign(0, std::move(l2_hdr)); pkt_hdr->Assign(0, std::move(l2_hdr));
if ( l3_proto == L3_IPV4 || l3_proto == L3_IPV6 ) if ( ip_hdr && cap_len >= ip_hdr->TotalLen() && (l3_proto == L3_IPV4 || l3_proto == L3_IPV6) )
// Packet analysis will have stored the IP header in the packet, so we can use // Packet analysis will have stored the IP header in the packet, so we can use
// that to build the output. // that to build the output.
return ip_hdr->ToPktHdrVal(std::move(pkt_hdr), 1); return ip_hdr->ToPktHdrVal(std::move(pkt_hdr), 1);