mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 18:48:20 +00:00
187096d4a4
While unusual, analyzer_confirmation() may never be called for the
SSH analyzer, but still ssh_auth_attempted is invoked later indicating
successful authentication. I haven't checked how that is actually possible,
but seems prudent to check for the existence of c$ssh$analyzer_id before
referencing it (also in light of runtime enable/disabling of events).
This was found testing Tim's all-the-fuzzing branch on large system,
merging this should avoid oss-fuzz telling us about it.
$ zeek -C -r ./e83db.pcap 'DPD::ignore_violations+={ Analyzer::ANALYZER_SSH }'
1668610572.429058 expression error in scripts/base/protocols/ssh/./main.zeek, line 260: field value missing (SSH::c$ssh$analyzer_id)
|
||
|---|---|---|
| .. | ||
| base | ||
| policy | ||
| site | ||
| zeekygen | ||
| CMakeLists.txt | ||
| test-all-policy.zeek | ||