Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 18:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/jsiwek/gh-541-ntlm-fix'

Browse source 
* origin/topic/jsiwek/gh-541-ntlm-fix:
  GH-541: add test cases for NTLM AV Pair sequence handling
  GH-541: fix handling of NTLM AV Pair sequences
This commit is contained in:
Johanna Amann 2019-08-28 11:33:49 -07:00
commit ec57894a85
9 changed files with 72 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
testing/btest/scripts/base/protocols/dce-rpc/ntlm-empty-av-pair-seq.zeek Normal file
View file

@ -0,0 +1,8 @@
# Tests for good parsing/handling of empty NTLM AV Pair sequences.
# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/ntlm-empty-av-sequence.pcap %INPUT
# @TEST-EXEC: btest-diff ntlm.log
# @TEST-EXEC: btest-diff dpd.log
@load base/protocols/dce-rpc
@load base/protocols/ntlm

8
testing/btest/scripts/base/protocols/dce-rpc/ntlm-unterminated-av-pair-seq.zeek Normal file
View file

@ -0,0 +1,8 @@
# Tests for good parsing/handling of unterminated NTLM AV Pair sequences.
# @TEST-EXEC: zeek -b -r $TRACES/dce-rpc/ntlm-unterminated-av-sequence.pcap %INPUT
# @TEST-EXEC: btest-diff ntlm.log
# @TEST-EXEC: btest-diff dpd.log
@load base/protocols/dce-rpc
@load base/protocols/ntlm