Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 23:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base
History
Arne Welzel 6517ed94f2 smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 
This patch does two things:

1) For SMB close requests, tear down any associated DCE-RPC
   analyzer if one exists.

2) Protect from fid_to_analyzer_map growing unbounded by introducing a
   new SMB::max_dce_rpc_analyzers limit and forcefully wipe the
   analyzers if exceeded. Propagate this to script land as event
   smb_discarded_dce_rpc_analyzers() for additional cleanup.

This is mostly to fix how the binpac SMB analyzer tracks individual
DCE-RPC analyzers per open fid. Connections that re-open the same or
different pipe may currently allocate unbounded number of analyzers.

Closes #3145.
2023-06-30 15:14:32 +02:00
..
files Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
frameworks smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 2023-06-30 15:14:32 +02:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols Add forwarding from VLAN analyzer into LLC, SNAP, and Novell 802.3 analyzers 2023-04-25 12:29:55 -07:00
protocols smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 2023-06-30 15:14:32 +02:00
utils all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
init-bare.zeek smb/dce-rpc: Cleanup DCE-RPC analyzers when fid is closed and limit them 2023-06-30 15:14:32 +02:00
init-default.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00