Jon Siwek
fb7c3677dc
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Remove remaining references to BROMAGIC
Fix typos and formatting in event and BiF documentation
2014-05-20 10:29:45 -05:00
Daniel Thayer
d421357104
Fix typos and formatting in event and BiF documentation
2014-05-19 19:39:43 -05:00
Jon Siwek
a8078b491e
Merge branch 'topic/bernhard/x509-memory'
...
BIT-1193 #merged
2014-05-19 18:15:21 -05:00
Bernhard Amann
360a93badb
clean up openssl data structures on exit
2014-05-19 14:44:35 -07:00
Bernhard Amann
604072f762
openssl / x509 memory leak issues.
...
initialization had a small leak (static size), verify had none, ocsp_verify had tons.
I hope this was all...
2014-05-19 14:36:36 -07:00
Jon Siwek
aee708c703
Change record ctors to only allow record-field-assignment expressions.
...
Previously, any expression that evaluates to a record may have been used
in a record ctor's expression list. This didn't work in all cases,
doesn't provide any unique functionality that can't be done otherwise,
and is possibly a path to introducing subtle scripting errors.
BIT-1192 #closed
2014-05-19 15:50:00 -05:00
Bernhard Amann
2c35bcf709
change validation return value from count to int. Scripts already had been updated, I forgot the function returns..
2014-05-19 11:31:30 -07:00
Daniel Thayer
c7599befb9
Fix a couple of doc build warnings
2014-05-19 12:54:15 -05:00
Daniel Thayer
fae092639d
Fix some doc build warnings
...
Removed references to pop3_terminate (that event was removed in a previous
commit).
2014-05-19 08:39:04 -05:00
Seth Hall
fb0a658a7c
Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking
...
Conflicts:
src/Reassem.cc
src/Reassem.h
src/analyzer/protocol/tcp/TCP_Reassembler.cc
testing/btest/Baseline/scripts.base.frameworks.file-analysis.bifs.set_timeout_interval/bro..stdout
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/files.log
2014-05-17 02:12:52 -04:00
Robin Sommer
ed4cd9352a
Merge remote-tracking branch 'origin/topic/bernhard/even-more-ssl-changes'
...
Good stuff! (but I admit I didn't look at the OpenSSL code too closely :)
* origin/topic/bernhard/even-more-ssl-changes:
small test update & script fix
update baselines & add ocsp leak check
Add policy script adding ocsp validation to ssl.log
Implement verification of OCSP replies.
Add tls flag to smtp.log. Will be set if a connection switched to starttls.
add starttls support for pop3
Add smtp starttls support
Replace errors when parsing x509 certs with weirds (as requested by Seth).
move tls content types from heartbleed to consts.bro. Seems better to put them there...
Add new features from other branch to the heartbleed-detector (and clean them up).
Let TLS analyzer fail better when no longer in sync with the data stream. The version field in each record-layer packet is now re-checked.
BIT-1190 #merged
Conflicts:
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
testing/btest/Baseline/scripts.policy.misc.dump-events/smtp-events.log
2014-05-16 14:45:25 -07:00
Bernhard Amann
55d0c6f7fa
Implement verification of OCSP replies.
...
The OpenSSL code to do that is a nightmare.
2014-05-16 10:32:08 -07:00
Robin Sommer
421120e12c
Extending plugin interface.
...
This is for feature parity with the older interface, and remains
experimental for now.
2014-05-15 15:36:48 -07:00
Robin Sommer
b36df2a272
Updating submodule(s).
...
[nomail]
2014-05-15 11:48:11 -07:00
Robin Sommer
525e757d2a
Merge remote-tracking branch 'origin/topic/vladg/radius' into topic/robin/radius-merge
...
* origin/topic/vladg/radius:
Radius functionality and memleak test.
Update test baselines.
Move seq to uint64 to match recent changes in seq processing.
BIT-1129 #merged
2014-05-15 11:39:05 -07:00
Robin Sommer
ebc8ebf5f9
Merge remote-tracking branch 'origin/master' into topic/robin/radius-merge
...
Conflicts:
scripts/base/init-default.bro
2014-05-15 11:10:11 -07:00
Bernhard Amann
ccccda6da8
Merge remote-tracking branch 'origin/master' into topic/bernhard/even-more-ssl-changes
2014-05-15 10:59:13 -07:00
Bernhard Amann
388b8f92ec
add starttls support for pop3
2014-05-15 10:25:21 -07:00
Bernhard Amann
6bc914458b
Add smtp starttls support
2014-05-15 09:59:43 -07:00
Vlad Grigorescu
d88f8d77cb
Move seq to uint64 to match recent changes in seq processing.
2014-05-15 09:47:20 -04:00
Vlad Grigorescu
df99f87dbf
Merge origin/master into topic/vladg/radius
2014-05-14 23:23:08 -04:00
Robin Sommer
bbd409d274
Merge remote-tracking branch 'origin/master' into topic/robin/dynamic-plugins-2.3
...
(Never good to name a branch after version anticipated to include it ...)
2014-05-14 16:23:04 -07:00
Bernhard Amann
746c073729
Replace errors when parsing x509 certs with weirds (as requested by Seth).
...
The one I did not replace is a malloc issue which I think really should
raise an error.
2014-05-14 15:53:26 -07:00
Bernhard Amann
f0b244b8b0
Add new features from other branch to the heartbleed-detector (and clean them up).
...
We should now quite reliably detect scans/attacks, even when encrypted and not successful.
2014-05-14 15:42:27 -07:00
Robin Sommer
96bcc2d69d
Merge branch 'topic/robin/bit-348-merge'
...
* topic/robin/bit-348-merge:
Fixing compiler warnings.
Update SNMP analyzer's DeliverPacket method signature.
Fix reassembly of data w/ sizes beyond 32-bit capacities (BIT-348).
BIT-348 #merged
2014-05-08 16:33:59 -07:00
Bernhard Amann
9014629a7d
Let TLS analyzer fail better when no longer in sync with the data stream. The
...
version field in each record-layer packet is now re-checked.
2014-05-08 11:32:52 -07:00
Jon Siwek
4ea8a4e8ef
Change handling of atypical OpenSSL error case in x509 verification.
2014-05-07 10:45:00 -05:00
Jon Siwek
6277be6e60
Fix memory leaks in X509 certificate parsing/verification.
2014-05-06 20:50:37 -05:00
Jon Siwek
37b860d325
Fix new []/delete mismatch in input::reader::Raw::DoClose().
2014-05-06 12:55:50 -05:00
Jon Siwek
af3b87e100
Fix buffer over-reads in file_analysis::Manager::Terminate()
2014-05-06 12:36:02 -05:00
Jon Siwek
965e4d421d
Fix buffer overflows in IP address masking logic.
...
That could occur either in taking a zero-length mask on an IPv6 address
(e.g. [fe80::]/0) or a reverse mask of length 128 on any address (e.g.
via the remask_addr BuiltIn Function).
2014-05-06 12:13:43 -05:00
Jon Siwek
713fd2fbaf
Fix new []/delete mismatch in ~Base64Converter.
2014-05-06 12:07:23 -05:00
Jon Siwek
b15bbf4f33
Replace an unneeded OPENSSL_malloc call.
2014-05-02 12:52:11 -05:00
Robin Sommer
8d1b47fae6
Merge remote-tracking branch 'origin/topic/bernhard/ec-curve'
...
BIT-1189 #merged
* origin/topic/bernhard/ec-curve:
fix broxygen errors
Polish changes for ecdhe/dhe
Add DH support to SSL analyzer.
Add a few more ciphers Bro did not know at all so far.
Forgot a few ciphers in the EC list...
Log chosen curve when using ec cipher suite in TLS.
2014-05-01 20:52:50 -07:00
Robin Sommer
a9eb31b461
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix reference counting for lookup_ID() usages.
2014-05-01 20:30:45 -07:00
Robin Sommer
55dfc54dd6
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
Fix missing "irc-dcc-data" service field from IRC DCC connections.
Change X509 extension value parsing to not abort on malloc failures.
2014-05-01 20:26:12 -07:00
Jon Siwek
8b7d5a68b2
Fix reference counting for lookup_ID() usages.
...
That function refs the ID before returning it, but callers were never
assuming responsibility for that reference.
2014-05-01 15:00:03 -05:00
Jon Siwek
385438d47c
Change X509 extension value parsing to not abort on malloc failures.
...
Also comes with factoring that out into its own function and
additional error check before using a return value from BIO_pending.
2014-05-01 13:04:34 -05:00
Jon Siwek
d7d5497436
Improve/standardize some malloc/realloc return val checks.
2014-04-29 15:26:19 -05:00
Jon Siwek
4b059ea15a
Improve file analysis manager shutdown/cleanup.
...
file_analysis::Manager's dtor now doesn't assume any more analysis
progress can be made because too many of Bro's other subsystems
are shutdown by that point. Any file analysis requests made after
Terminate cannot be reliably processed.
2014-04-29 12:44:53 -05:00
Bernhard Amann
ef5b021e77
Polish changes for ecdhe/dhe
2014-04-27 00:15:49 -07:00
Bernhard Amann
fb56b22cff
Add DH support to SSL analyzer.
...
When using DHE or DH-Anon, server key parameters are now available
in scriptland.
Also add script to alert on weak certificate keys or weak dh-params.
2014-04-26 23:52:51 -07:00
Bernhard Amann
b1a2bccdc7
Add a few more ciphers Bro did not know at all so far.
2014-04-26 15:24:28 -07:00
Bernhard Amann
24b63f5fc8
Forgot a few ciphers in the EC list...
2014-04-26 09:57:20 -07:00
Bernhard Amann
597c373fa0
Log chosen curve when using ec cipher suite in TLS.
2014-04-26 09:48:36 -07:00
Robin Sommer
fc5dcc0dd1
Merge branch 'master' into topic/robin/bit-348-merge
2014-04-24 18:51:37 -07:00
Robin Sommer
b029d18336
Merge branch 'topic/mareq/quoted-printable' of https://github.com/mareq/bro
...
Thanks!
Merged https://github.com/bro/bro/pull/7
2014-04-24 18:38:43 -07:00
Robin Sommer
bd64e52782
Fixing compiler warnings.
2014-04-24 18:14:18 -07:00
Robin Sommer
116ed370a2
Merge remote-tracking branch 'origin/topic/jsiwek/bit-348'
...
* origin/topic/jsiwek/bit-348:
Update SNMP analyzer's DeliverPacket method signature.
Fix reassembly of data w/ sizes beyond 32-bit capacities (BIT-348).
Conflicts:
src/analyzer/protocol/file/File.cc
src/analyzer/protocol/file/File.h
2014-04-24 18:14:04 -07:00
Robin Sommer
3b5eabaff3
Merge remote-tracking branch 'origin/topic/jsiwek/remove-val-attribs'
...
* origin/topic/jsiwek/remove-val-attribs:
Remove unused Val::attribs member.
BIT-1187 #merged
2014-04-24 17:06:36 -07:00