Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 11:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base
History
Arne Welzel 39a7375f0c ssl: Cap number of alerts parsed from SSL record 
Limit the number of events raised from an SSL record with content_type
alert (21) to a configurable maximum number (default 10). For TLS 1.3,
the limit is set to 1 as specified in the RFC. Add a new weird cases
where the limit is exceeded.

OSS-Fuzz managed to generate a reproducer that raised ~660k ssl_plaintext
and ssl_alert events given ~810kb of input data. This change prevents this
with hopefully no negative side-effect in the real-world.
2023-10-27 11:24:08 -07:00
..
files Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
frameworks Merge remote-tracking branch 'origin/topic/awelzel/mmdb-fix-and-tests' 2023-10-24 13:13:16 -07:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols PPP: Add PPP analyzer to handle LINKTYPE_PPP (0x9) 2023-08-23 16:41:19 +02:00
protocols ftp: Do not base seq on number of pending commands 2023-10-27 11:24:00 -07:00
utils all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
init-bare.zeek ssl: Cap number of alerts parsed from SSL record 2023-10-27 11:24:08 -07:00
init-default.zeek quic: Integrate as default analyzer 2023-10-11 14:10:22 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00