Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/johanna/gh-4547'

Browse source 
* origin/topic/johanna/gh-4547:
  Spicy SSL analyzer: make record layer version parsing more strict
This commit is contained in:
Johanna Amann 2025-06-26 20:21:31 +01:00
commit dbeadc65ba
4 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/analyzer/protocol/ssl/spicy/SSL.spicy
View file

@ -740,7 +740,7 @@ type SSL2ClientMasterKey = unit(length: uint16, inout sh: Share) {
# For TLS-y protocols - determine how to continue
type TLSRecordFragmentChoice = unit(content_type: uint8, handshakesink: sink&, alertsink: sink&, inout msg: Message, inout sh: Share) {
# content_type: uint8; # &convert=ContentType($$);
version: uint16;
version: uint16 &requires=($$ == SSLv3 || $$ == TLSv10 || $$ == TLSv11 || $$ == TLSv12 : "Invalid version in record layer. Version: %s" % $$);
switch (is_dtls_version(self.version)) {
True -> dtlsfragment: DTLSRecordFragment(content_type, handshakesink, alertsink, msg, sh);