Merge remote-tracking branch 'security/topic/timw/154-rdp-timeout'

* security/topic/timw/154-rdp-timeout:
  RDP: Instantiate SSL analyzer instead of PIA
  RDP: add some enforcement to required values based on MS-RDPBCGR docs

testing/btest/Baseline/scripts.base.protocols.rdp.rdp-invalid-length/analyzer.log

@@ -0,0 +1,12 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	analyzer
+#open XXXX-XX-XX-XX-XX-XX
+#fields	ts	cause	analyzer_kind	analyzer_name	uid	fuid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	failure_reason	failure_data
+#types	time	string	string	string	string	string	addr	port	addr	port	string	string
+XXXXXXXXXX.XXXXXX	violation	protocol	RDP	CHhAvVGS1DHFjwGM9	-	10.0.0.1	45257	10.0.0.2	3389	Binpac exception: binpac exception: &enforce violation : RDP_Negotiation_Response:length	-
+XXXXXXXXXX.XXXXXX	violation	protocol	RDP	CHhAvVGS1DHFjwGM9	-	10.0.0.1	45257	10.0.0.2	3389	Binpac exception: binpac exception: invalid index for case: Connect_Confirm_Record: 49	-
+#close XXXX-XX-XX-XX-XX-XX

testing/btest/scripts/base/protocols/rdp/rdp-invalid-length.zeek

@@ -0,0 +1,8 @@
+# Tests a pcap that has a known-invalid length in a RDP_Negotiation_Response
+# header, ensuring that it throws a binpac exception and reports a notice to
+# analyzer.log. The pcap used is a snippet of a pcap from OSS-Fuzz #57109.
+
+# @TEST-EXEC: zeek -C -b -r $TRACES/rdp/rdp-invalid-length.pcap %INPUT
+# @TEST-EXEC: btest-diff analyzer.log
+
+@load base/protocols/rdp