Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 19:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed a parsing bug in the SSL analyzer thanks to tracefile from Aashish Sharma.

Browse source
This commit is contained in:
Seth Hall 2011-07-01 06:49:41 -04:00
parent 26248fa243
commit bab76be87a
1 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/ssl-protocol.pac
View file

@ -609,6 +609,16 @@ type CertificateVerify(rec: SSLRecord) = record {
# The finished messages are always sent after encryption is in effect, # The finished messages are always sent after encryption is in effect,
# so we will not be able to read those message. # so we will not be able to read those message.
type Finished(rec: SSLRecord) = record {
cont : bytestring &restofdata &transient;
} &let {
state_changed : bool =
$context.connection.transition(STATE_SERVER_HELLO_DONE,
STATE_COMM_ENCRYPTED, rec.is_orig, true) ||
$context.connection.transition(STATE_CLIENT_FINISHED,
STATE_COMM_ENCRYPTED, rec.is_orig, false) ||
$context.connection.lost_track();
};
###################################################################### ######################################################################
@ -635,6 +645,9 @@ type Handshake(rec: SSLRecord) = record {
SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec); SERVER_HELLO_DONE -> server_hello_done : ServerHelloDone(rec);
CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec); CERTIFICATE_VERIFY -> certificate_verify : CertificateVerify(rec);
CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec); CLIENT_KEY_EXCHANGE -> client_key_exchange : ClientKeyExchange(rec);
FINISHED -> finished : Finished(rec);
CERTIFICATE_URL -> certificate_url : bytestring &restofdata &transient;
CERTIFICATE_STATUS -> certificate_status : bytestring &restofdata &transient;
default -> unknown_handshake : UnknownHandshake(this, rec.is_orig); default -> unknown_handshake : UnknownHandshake(this, rec.is_orig);
} &length = to_int()(length); } &length = to_int()(length);
}; };
@ -679,7 +692,7 @@ type CiphertextRecord(rec: SSLRecord, is_orig: bool) = record {
###################################################################### ######################################################################
type SSLPDU(is_orig: bool) = record { type SSLPDU(is_orig: bool) = record {
records : SSLRecord(is_orig)[] &until($element == 0); records : SSLRecord(is_orig)[] &until($element <= 0);
} &byteorder = bigendian; } &byteorder = bigendian;