This also includes:
- Deprecating the NetSessions name.
- Renaming the zeek::sessions global to zeek::session_mgr and deprecating the old name.
- Renaming Sessions.{h,cc} to SessionManager.{h,cc}.
This enables locating the headers within the install-tree using the
dirs provided by `zeek-config --include_dir`.
To enable locating these headers within the build-tree, this change also
creates a 'build/src/include/zeek -> ..' symlink.
* The parsing of IPv6 addresses tried to fill a stack-buffer with as
much data as supplied in the Option even if it was in excess of the
desired prefix or maximum IPv6 address size. This could result in an
overflow of that stack-buffer.
* The parsing of IPv4 addresses would overwrite the storage used for
that address as many times as there were bytes in the Option in excess
of the desired prefix length or maximum IPv4 address size. This could
cause the resulting IPv4 address to be derived from the incorrect
data.
* Upon encountering unexpected/excessive option-length or source-prefix
parameters, the data pointer used for parsing was also not always
advanced to the start of the next alleged option's data. Assuming all
other parsing code correctly guards against invalid input, there's no
further harm from that other than the subsequent parsing being more
likely to encounter unexpected values and emitting more Weirds.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28336
(Link to details becomes public 30 days after patch release)
The Contents_DNS analyzer used a recursive message parsing function that
determined the size of the next message from the input packet-data
itself. A packet containing a sequence of many small messages could
cause a stack overflow since a recursion happenened after processing
each message.
Credit to OSS-Fuzz for discovery
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24272
