Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

DNS/dns_binds_rr: Fix complte to complete typo, switch to count

Browse source 
From my reading in the docs the complete_flag should only ever be a
single byte, so add a weird for when it is longer, but use count
as the new type.
This commit is contained in:
Arne Welzel 2024-12-09 18:29:40 +01:00
parent 0ebcd9608f
commit f6c44e3f7a
3 changed files with 28 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/analyzer/protocol/dns/DNS.cc
View file

@ -1262,6 +1262,14 @@ bool DNS_Interpreter::ParseRR_BINDS(detail::DNS_MsgInfo* msg, const u_char*& dat
String* completeflag = ExtractStream(data, len, rdlength - 4);
// We exposed the complete flag as a string to script land previously,
// but there should only ever be a single byte, so raise a weird if
// it is longer than that.
//
// https://bind9.readthedocs.io/en/latest/chapter5.html#monitoring-with-private-type-records
if ( completeflag->Len() > 1 )
analyzer->Weird("DNS_BINDS_complete_flag_length", util::fmt("%d", completeflag->Len()));
if ( dns_BINDS ) {
detail::BINDS_DATA binds;
binds.algorithm = algo;
@ -1855,8 +1863,9 @@ RecordValPtr DNS_MsgInfo::BuildBINDS_Val(BINDS_DATA* binds) {
r->Assign(2, binds->algorithm);
r->Assign(3, binds->key_id);
r->Assign(4, binds->removal_flag);
r->Assign(5, binds->complete_flag);
r->Assign(5, binds->complete_flag); // Remove in v8.1: Move field 7 here. Drop String* usage.
r->Assign(6, is_query);
r->Assign(7, binds->complete_flag->Len() > 0 ? binds->complete_flag->Bytes()[0] : 0);
return r;
}