Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base/protocols
History
Arne Welzel 187096d4a4 ssh: Test for c$ssh$analyzer_id existence 
While unusual, analyzer_confirmation() may never be called for the
SSH analyzer, but still ssh_auth_attempted is invoked later indicating
successful authentication. I haven't checked how that is actually possible,
but seems prudent to check for the existence of c$ssh$analyzer_id before
referencing it (also in light of runtime enable/disabling of events).

This was found testing Tim's all-the-fuzzing branch on large system,
merging this should avoid oss-fuzz telling us about it.

    $ zeek -C -r ./e83db.pcap 'DPD::ignore_violations+={ Analyzer::ANALYZER_SSH }'
    1668610572.429058 expression error in scripts/base/protocols/ssh/./main.zeek, line 260: field value missing (SSH::c$ssh$analyzer_id)
2022-11-16 16:35:57 +01:00
..
conn Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
dce-rpc Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
dhcp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
dnp3 Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
dns Update DNS type strings to match correct mappings 2022-11-02 14:22:46 -07:00
ftp ftp: Limit pending commands to FTP::max_pending_commands (default 20) 2022-11-08 16:44:17 -07:00
http {http,smtp}/entities: Align header regexes with extract_filename_from_content_disposition() 2022-11-08 16:45:25 -07:00
imap Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00
irc annotate base scripts with &is_used as needed 2022-05-26 17:39:17 -07:00
krb Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
modbus Add a field to Modbus/TCP log to indicate the Modbus PDU type 2022-07-24 02:41:26 +00:00
mqtt Disable MQTT by default 2019-08-05 17:04:39 -07:00
mysql Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
ntlm scripts/dce-rpc,ntlm: Do not load base/frameworks/dpd 2022-08-31 16:50:37 +02:00
ntp &is_set => &is_assigned 2021-02-04 12:18:46 -08:00
pop3 Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
radius deprecation messages for unused base script functions 2022-05-27 14:36:30 -07:00
rdp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
rfb Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
sip Support for log filter policy hooks 2020-09-30 12:32:45 -07:00
smb Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
smtp {http,smtp}/entities: Align header regexes with extract_filename_from_content_disposition() 2022-11-08 16:45:25 -07:00
snmp Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
socks Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
ssh ssh: Test for c$ssh$analyzer_id existence 2022-11-16 16:35:57 +01:00
ssl Spelling fixes: scripts 2022-11-02 17:36:39 -04:00
syslog Remove trailing whitespace from script files 2021-10-20 09:57:09 -07:00
tunnels Add Teredo packet analyzer, disable old analyzer 2021-11-23 19:36:50 -07:00
xmpp Merge remote-tracking branch 'origin/topic/seth/zeek_init' 2019-04-19 11:24:29 -07:00