Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/topic/johanna/xmpp-ns'

Browse source 
BIT-1743 #merged

* origin/topic/johanna/xmpp-ns:
  XMPP: Fix detection of StartTLS when using namespaces
This commit is contained in:
Robin Sommer 2016-10-27 07:44:25 -07:00
commit ce72a09c0c
3 changed files with 14 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
2.5-beta-113 | 2016-10-27 07:44:25 -0700
* XMPP: Fix detection of StartTLS when using namespaces. (Johanna
Amann)
2.5-beta-110 | 2016-10-26 09:42:11 -0400 2.5-beta-110 | 2016-10-26 09:42:11 -0400
* Improvements DCE_RPC analyzer to make it perform fragment handling correctly * Improvements DCE_RPC analyzer to make it perform fragment handling correctly

2
VERSION
View file

@ -1 +1 @@
2.5-beta-110 2.5-beta-113

11
src/analyzer/protocol/xmpp/xmpp-analyzer.pac
View file

@ -11,6 +11,11 @@ refine connection XMPP_Conn += {
function proc_xmpp_token(is_orig: bool, name: bytestring, rest: bytestring): bool function proc_xmpp_token(is_orig: bool, name: bytestring, rest: bytestring): bool
%{ %{
string token = std_str(name); string token = std_str(name);
// Result will either be text after ":" or original string; this discards the namespace
string token_no_ns = std_str(name);
auto offset = token_no_ns.find(":");
if ( offset != std::string::npos && token_no_ns.length() > offset + 1 )
token_no_ns = token_no_ns.substr(offset + 1);
if ( is_orig && token == "stream:stream" ) if ( is_orig && token == "stream:stream" )
// Yup, looks like xmpp... // Yup, looks like xmpp...
@ -21,10 +26,10 @@ refine connection XMPP_Conn += {
// Handshake has passed the phase where we should see StartTLS. Simply skip from hereon... // Handshake has passed the phase where we should see StartTLS. Simply skip from hereon...
bro_analyzer()->SetSkip(true); bro_analyzer()->SetSkip(true);
if ( is_orig && token == "starttls" ) if ( is_orig && ( token == "starttls" || token_no_ns == "starttls" ) )
client_starttls = true; client_starttls = true;
if ( !is_orig && token == "proceed" && client_starttls ) if ( !is_orig && ( token == "proceed" || token_no_ns == "proceed" ) && client_starttls )
{ {
bro_analyzer()->StartTLS(); bro_analyzer()->StartTLS();
BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn()); BifEvent::generate_xmpp_starttls(bro_analyzer(), bro_analyzer()->Conn());
@ -32,7 +37,7 @@ refine connection XMPP_Conn += {
else if ( !is_orig && token == "proceed" ) else if ( !is_orig && token == "proceed" )
reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls"); reporter->Weird(bro_analyzer()->Conn(), "XMPP: proceed without starttls");
//printf("Processed: %d %s %s \n", is_orig, c_str(name), c_str(rest)); // printf("Processed: %d %s %s %s \n", is_orig, c_str(name), c_str(rest), token_no_ns.c_str());
return true; return true;
%} %}