Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
17521 commits 387 branches 195 tags 255 MiB
Commit graph

17521 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
f940f2d88f Merge remote-tracking branch 'security/topic/awelzel/217-quic-decrypt-crash' 
* security/topic/awelzel/217-quic-decrypt-crash:
  QUIC/decrypt_crypto: Actually check if decryption was successful
  QUIC/decrypt_crypto: Limit payload_length to 10k
  QUIC/decrypt_crypto: Fix decrypting into too small stack buffer
 2024-12-16 10:19:43 -07:00
Arne Welzel
7bdc856f0d QUIC/decrypt_crypto: Actually check if decryption was successful 
...and bail if it wasn't.

PCAP was produced using OSS-Fuzz input from issue 383379789.
 2024-12-15 20:39:26 -07:00
Arne Welzel
f10832d110 QUIC/decrypt_crypto: Limit payload_length to 10k 
Given we dynamically allocate memory for decryption, employ a limit
that is unlikely to be hit, but allows for large payloads produced
by the fuzzer or jumbo frames.
 2024-12-15 20:39:26 -07:00
Arne Welzel
15511e0fb5 QUIC/decrypt_crypto: Fix decrypting into too small stack buffer 
A QUIC initial packet larger than 1500 bytes could lead to crashes
due to the usage of a fixed size stack buffer for decryption.

Allocate the necessary memory dynamically on the heap instead.
 2024-12-15 20:39:26 -07:00
Tim Wojtulewicz
9a4791f9e9 Fix naming of zeromq package in Coverity workflow 2024-12-15 20:38:18 -07:00
Tim Wojtulewicz
ef35eadbd4 Fix naming of cppzmq-dev package in Coverity workflow 2024-12-15 20:36:47 -07:00
Tim Wojtulewicz
909a3d30b2 Merge branch 'topic/timw/coverity-build-failure' 
* topic/timw/coverity-build-failure:
  CI: Add missing packages to coverity workflow
 2024-12-13 16:46:36 -07:00
Tim Wojtulewicz
d702675aa6 CI: Add missing packages to coverity workflow 2024-12-13 13:58:55 -07:00
Tim Wojtulewicz
db3dcd5ff9 Start of 7.2.0 development 2024-12-13 13:38:53 -07:00
Tim Wojtulewicz
0890de2a3b Merge remote-tracking branch 'origin/topic/timw/update-all-submodules' 
* origin/topic/timw/update-all-submodules:
  Updating submodule(s) [nomail]
 2024-12-13 13:15:58 -07:00
Tim Wojtulewicz
0b301bbd26 Updating submodule(s) [nomail] 2024-12-13 12:18:00 -07:00
Tim Wojtulewicz
ee6d1374ba Merge remote-tracking branch 'origin/topic/vern/ZAM-assert-streamlining' 
* origin/topic/vern/ZAM-assert-streamlining:
  btest/supervisor: Bump one timeout to 30 seconds
  btest/cluster: Bump timeouts to 30 seconds
  btest/validate-ZAM: Update baseline, run always
 2024-12-13 12:17:45 -07:00
Tim Wojtulewicz
d788ab8f0e Merge remote-tracking branch 'origin/topic/vern/ZAM-assert-streamlining' 
* origin/topic/vern/ZAM-assert-streamlining:
  simplified ZAM instructions for executing "assert" statements
 2024-12-13 12:15:08 -07:00
Tim Wojtulewicz
ef98afb29e Merge remote-tracking branch 'origin/topic/awelzel/3287-push-rc-container-images' 
* origin/topic/awelzel/3287-push-rc-container-images:
  cirrus/container_image_manifest: match RC tags, too
  cirrus: Move additional tag "computation" into separate script
 2024-12-13 12:14:30 -07:00
Arne Welzel
a675aea6bb btest/supervisor: Bump one timeout to 30 seconds 2024-12-13 18:35:39 +01:00
Arne Welzel
21e33fdcd9 btest/cluster: Bump timeouts to 30 seconds 
ZAM startup may take a long time, particularly in CI environments, so
bump it up from 10 to 30 seconds.
 2024-12-13 18:28:43 +01:00
Arne Welzel
48b26f74f7 btest/validate-ZAM: Update baseline, run always 2024-12-13 18:25:28 +01:00
Tim Wojtulewicz
805e9db588 Merge remote-tracking branch 'origin/topic/vern/ZAM-tbl-iteration-memory-mgt-fix' 
* origin/topic/vern/ZAM-tbl-iteration-memory-mgt-fix:
  fix for memory management associated with ZAM table iteration
 2024-12-13 08:04:29 -07:00
Arne Welzel
522b03d362 cirrus/container_image_manifest: match RC tags, too 
The rest should just work, assuming VERSION files contain an
appropriate value. Add a check for that, too.
 2024-12-13 13:17:37 +01:00
Arne Welzel
eac91fdc24 cirrus: Move additional tag "computation" into separate script 
This allows for easier testing locally and maybe re-usability.
 2024-12-13 13:17:31 +01:00
Arne Welzel
8d09a404f2 Merge remote-tracking branch 'origin/topic/awelzel/zeekygen-disable-cluster-experimental' 
* origin/topic/awelzel/zeekygen-disable-cluster-experimental:
  zeekygen: Disable Cluster::Experimental module
 2024-12-13 12:59:33 +01:00
Arne Welzel
9c5c8b55cc Merge remote-tracking branch 'origin/topic/vern/CPP-standalone-fixes' 
* origin/topic/vern/CPP-standalone-fixes:
  BTest updates in support of compiling-scripts-to-C++
  -O gen-standalone-C++ fixes for recent more aggressive AST profiling
 2024-12-13 10:57:28 +01:00
Arne Welzel
38e77eace7 zeekygen: Disable Cluster::Experimental module 
The nodes-experimental/manager.zeek file ends up calling Broker::publish()
unconditionally, resulting in a warning. Skip running that code when
generating documentation.
 2024-12-13 10:03:44 +01:00
Vern Paxson
4b6cec4cd8 simplified ZAM instructions for executing "assert" statements 2024-12-12 22:40:49 -08:00
Christian Kreibich
94f64a6dc6 Merge remote-tracking branch 'origin/topic/vern/preen-btest-alternatives' 
* origin/topic/vern/preen-btest-alternatives:
  removed a bunch of no-longer used BTest alternatives and their associated baselines
 2024-12-12 20:11:56 -08:00
Vern Paxson
85ef6e0cb8 removed a bunch of no-longer used BTest alternatives and their associated baselines 2024-12-12 19:16:34 -08:00
Vern Paxson
f4421d81c2 fix for memory management associated with ZAM table iteration 2024-12-12 18:37:52 -08:00
zeek-bot
14b59192ba Update doc submodule [nomail] [skip ci] 2024-12-13 00:25:00 +00:00
Vern Paxson
8876ec6f2d BTest updates in support of compiling-scripts-to-C++ 2024-12-12 14:30:23 -08:00
Vern Paxson
0a813a53c7 -O gen-standalone-C++ fixes for recent more aggressive AST profiling 2024-12-12 14:27:12 -08:00
Tim Wojtulewicz
1158757b2b Merge remote-tracking branch 'origin/topic/awelzel/move-broker-to-cluster-publish' 
* origin/topic/awelzel/move-broker-to-cluster-publish:
  netcontrol: Move to Cluster::publish()
  openflow: Move to Cluster::publish()
  netcontrol/catch-and-release: Move to Cluster::publish()
  config: Move to Cluster::publish()
  ssl/validate-certs: Move to Cluster::publish()
  irc: Move to Cluster::publish()
  ftp: Move to Cluster::publish()
  dhcp: Move to cluster publish
  notice: Move to Cluster::publish()
  intel: Move to Cluster::publish()
  sumstats: Move to Cluster::publish()
 2024-12-12 13:18:21 -07:00
Tim Wojtulewicz
25554fa668 Merge remote-tracking branch 'origin/topic/awelzel/fix-cluster-publish-any' 
* origin/topic/awelzel/fix-cluster-publish-any:
  cluster/Backend: Handle unspecified table/set
  cluster: Fix Cluster::publish() of Broker::Data
  cluster: Be noisy when attempting to connect to an unknown node
 2024-12-12 13:17:08 -07:00
Tim Wojtulewicz
c3bae4f1f8 Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump auxil/spicy to latest development snapshot
 2024-12-12 11:35:19 -07:00
Tim Wojtulewicz
98ec627404 Merge branch 'topic/timw/7.1-news-updates' 
* topic/timw/7.1-news-updates:
  Add note about various dependency updates [nomail] [skip ci]
  NEWS additions for v7.1 [nomail] [skip ci]
 2024-12-12 11:33:09 -07:00
Arne Welzel
3d55341690 netcontrol: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
fdf783df65 cluster/Backend: Handle unspecified table/set 
Same as what we do in Broker. Use the expected type if publishing
a table() or set() parameter.

This fixes issues when switching sumstats to Cluster::publish()
 2024-12-12 17:54:42 +01:00
Arne Welzel
b2df78c0bb openflow: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
100b825561 netcontrol/catch-and-release: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
66f6149662 config: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
32c9c940bf ssl/validate-certs: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
3d3706440b irc: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
387db42fea ftp: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
b372b47f83 dhcp: Move to cluster publish 2024-12-12 17:54:42 +01:00
Arne Welzel
a9243bafcc notice: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
347faf5e86 intel: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
f58a2c2ca8 sumstats: Move to Cluster::publish() 2024-12-12 17:54:42 +01:00
Arne Welzel
d9a74cf32d cluster: Fix Cluster::publish() of Broker::Data 
The broker serializer leverages the existing data_to_val() function.
During unserialization, if the destination type is any, the logic
simply wraps the broker::data value into a Broker::Data record.
Therefore, events with any parameters are currently exposed to
the Broker::Data type.

There is a bigger issue in that re-publishing such Broker::Data
instances would encode them as a normal record. Explicitly prevent
this by serializing the contained data value directly instead, similar
to what Broker already did when publishing a record.
 2024-12-12 17:54:37 +01:00
Arne Welzel
953fe8e029 Merge remote-tracking branch 'origin/topic/justin/pools-cache-node-topic' 
* origin/topic/justin/pools-cache-node-topic:
  Pre-compute the node topics for all pool entries.
 2024-12-12 14:45:50 +01:00
Arne Welzel
e100a8e698 Merge remote-tracking branch 'origin/topic/christian/fix-zam-analyzer-name' 
* origin/topic/christian/fix-zam-analyzer-name:
  Fix ZAM's implementation of Analyzer::name() BiF
 2024-12-12 14:45:28 +01:00
Benjamin Bannier
42406ad95e Bump auxil/spicy to latest development snapshot 2024-12-12 13:12:35 +01:00