Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base
History
Arne Welzel 187096d4a4 ssh: Test for c$ssh$analyzer_id existence 
While unusual, analyzer_confirmation() may never be called for the
SSH analyzer, but still ssh_auth_attempted is invoked later indicating
successful authentication. I haven't checked how that is actually possible,
but seems prudent to check for the existence of c$ssh$analyzer_id before
referencing it (also in light of runtime enable/disabling of events).

This was found testing Tim's all-the-fuzzing branch on large system,
merging this should avoid oss-fuzz telling us about it.

    $ zeek -C -r ./e83db.pcap 'DPD::ignore_violations+={ Analyzer::ANALYZER_SSH }'
    1668610572.429058 expression error in scripts/base/protocols/ssh/./main.zeek, line 260: field value missing (SSH::c$ssh$analyzer_id)
2022-11-16 16:35:57 +01:00
..
files Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
frameworks ftp: Limit pending commands to FTP::max_pending_commands (default 20) 2022-11-08 16:44:17 -07:00
misc annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
packet-protocols gtpv1: Do not register for protocol detection 2022-08-26 10:47:38 +02:00
protocols ssh: Test for c$ssh$analyzer_id existence 2022-11-16 16:35:57 +01:00
utils Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
init-bare.zeek init-bare: Fix zeek:see after bif renaming 2022-11-15 16:04:37 +01:00
init-default.zeek frameworks/dpd: Move to frameworks/analyzer/dpd, load by default 2022-08-31 16:50:47 +02:00
init-frameworks-and-bifs.zeek GH-1122: Allow initializing globals with calls to subdir BIFs 2020-08-27 12:20:37 -07:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00