Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Heartbleed: fix substraction order.

Browse source 
The larger number was substracted from the smaller one leading to an
integer overflow. However, no information was lost due to everything
also being present in the notice message.

Fixes GH-1454
This commit is contained in:
Johanna Amann 2021-03-25 13:41:12 +00:00 committed by Johanna Amann
parent 9ff3abb72c
commit c23e3ca105
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/protocols/ssl/heartbleed.zeek
View file

@ -154,7 +154,7 @@ event ssl_encrypted_heartbeat(c: connection, is_orig: bool, length: count)
NOTICE([$note=SSL_Heartbeat_Many_Requests,
$msg=fmt("Server sending more heartbeat responses than requests seen. Possible attack. Client count: %d, server count: %d", c$ssl$originator_heartbeats, c$ssl$responder_heartbeats),
$conn=c,
$n=(c$ssl$originator_heartbeats-c$ssl$responder_heartbeats),
$n=(c$ssl$responder_heartbeats-c$ssl$originator_heartbeats),
$identifier=fmt("%s%d", c$uid, c$ssl$responder_heartbeats/1000) # re-throw every 1000 heartbeats
]);