Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

ssl: Prevent unbounded ssl_history growth

Browse source 
The previous fix also made it clear that the ssl_history field may grow
unbounded via the ssl_alert event. Prevent by capping using a configurable
limit (default 100) and raise a weird once reached.
This commit is contained in:
Arne Welzel 2023-10-19 16:32:12 +02:00 committed by Tim Wojtulewicz
parent da91cee022
commit f6615753f1
6 changed files with 31 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
testing/btest/scripts/base/protocols/ssl/max-history-length.test Normal file
View file

@ -0,0 +1,12 @@
# Test max history length functionality
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace
# @TEST-EXEC: zeek-cut uid ssl_history < ssl.log > ssl-max-history-length-default.log
# @TEST-EXEC: btest-diff ssl-max-history-length-default.log
# @TEST-EXEC: ! test -f weird.log
#
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace SSL::max_ssl_history_length=3
# @TEST-EXEC: zeek-cut uid ssl_history < ssl.log > ssl-max-history-length-3.log
# @TEST-EXEC: zeek-cut uid name < weird.log > weird-max-history-length-3.log
# @TEST-EXEC: btest-diff ssl-max-history-length-3.log
# @TEST-EXEC: btest-diff weird-max-history-length-3.log