Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

ldap: Ignore ec/rrc for sealed wrap tokens

Browse source 
It shouldn't matter for the encrypted payload that we'll
just consume and ignore.
This commit is contained in:
Arne Welzel 2024-07-19 17:28:40 +02:00
parent a70ccc51ab
commit ca25516e03
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/analyzer/protocol/ldap/ldap.spicy
View file

@ -228,6 +228,9 @@ type KrbWrapToken = unit {
} else if ( self.rrc == 0 ) { } else if ( self.rrc == 0 ) {
self.trailer_ec = self.ec; self.trailer_ec = self.ec;
} else { } else {
if ( ! self.ctx_flags.sealed )
# If it's sealed, we'll consume until &eod anyhow
# and ec/rrc shouldn't apply, otherwise, bail.
throw "Unhandled rc %s and ec %s" % (self.ec, self.rrc); throw "Unhandled rc %s and ec %s" % (self.ec, self.rrc);
} }
} }