mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
c998cf697a
The buf[i] < 3 condition in use previously allowed all chars (signed on x86) through that had the 0x80 high-bit set after reconstructing from the two bytes of the netbios name, resulting in escaped non-ascii content in the logs. Fixes more of #2742
29 lines
1,000 B
Text
29 lines
1,000 B
Text
#
|
|
# @TEST-EXEC: zeek -b %INPUT >out
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
function decode_name(name: string)
|
|
{
|
|
local dn = decode_netbios_name(name);
|
|
local suffix = decode_netbios_name_type(name);
|
|
print suffix, |dn|, dn;
|
|
}
|
|
|
|
local encoded_names = vector(
|
|
"ejfdebfeebfacacacacacacacacacaaa", # ISATAP
|
|
"fhepfcelehfcepfffacacacacacacabl", # WORKGROUP
|
|
"abacfpfpenfdecfcepfhfdeffpfpacab", # \001\002__MSBROWSE__\002
|
|
"enebfcfeejeocacacacacacacacacaad", # MARTIN
|
|
"FEEIEFCAEOEFFEECEJEPFDCAEOEBENEF", # THE NETBIOS NAM
|
|
"cbcccdcecfcgchcicjckclcmcncodnaa", # !"#$%&'()*+,-.=
|
|
"dkdleafofphlhnhoaaaaaaaaaaaaaaaa", # :;@^_{}~
|
|
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", # empty
|
|
"cacacacacacacacacacacacacacacaca", # empty
|
|
"abcd", # invalid length
|
|
"~jfdebfeebfacacacacacacacacacaaa", # invalid alphabet
|
|
"0jfdebfeebfacacacacacacacacacaaa", # invalid alphabet
|
|
"lpejldmeebfacacacacacacacacacaaa", # non-ascii stuff
|
|
);
|
|
|
|
for ( i in encoded_names )
|
|
decode_name(encoded_names[i]);
|