Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
11634 commits 385 branches 195 tags 258 MiB
Commit graph

5 commits

Author SHA1 Message Date
Tim Wojtulewicz
e27008ef26 GH-1184: Add 'source' field to weird log denoting where the weird was reported 2020-12-01 09:34:37 -07:00
Tim Wojtulewicz
a99b540e46 Rework Sessions::Weird 2020-10-15 13:03:11 -07:00
Tim Wojtulewicz
1cf251d1ca Move IP and IP tunnel code from Sessions into packet analyzers 2020-10-15 12:18:30 -07:00
Jon Siwek
2fa74e4bcb Change default value of peer_description "zeek" 2019-06-06 19:49:30 -07:00
Johanna Amann
924ed053c7 Fix OOB read in Sessions.cc 
IP packets that have a header length that is greater than the total
length of the packet cause a integer overflow, which cause range-checks
to fail, which causes OOB reads.

Furthermore Bro does not currently check the version field of IP packets
that are read from tunnels. I added this check - otherwhise Bro reports
bogus IP information in its error messages, just converting the data
from the place where the IP information is supposed to be to IPs.

This behavior brings us closer to what other software (e.g. Wireshark)
displays in these cases.
 2017-10-19 10:29:29 -07:00