mirror of
https://github.com/zeek/zeek.git
synced 2025-10-08 01:28:20 +00:00
924ed053c7
IP packets that have a header length that is greater than the total length of the packet cause a integer overflow, which cause range-checks to fail, which causes OOB reads. Furthermore Bro does not currently check the version field of IP packets that are read from tunnels. I added this check - otherwhise Bro reports bogus IP information in its error messages, just converting the data from the place where the IP information is supposed to be to IPs. This behavior brings us closer to what other software (e.g. Wireshark) displays in these cases. |
||
|---|---|---|
| .. | ||
| gtp | ||
| 4in4.pcap | ||
| 4in6.pcap | ||
| 6in4.pcap | ||
| 6in6-tunnel-change.pcap | ||
| 6in6.pcap | ||
| 6in6in6.pcap | ||
| ayiya3.trace | ||
| false-teredo.pcap | ||
| gre-sample.pcap | ||
| gre-within-gre.pcap | ||
| mpls-6in6-6in6-4in6-invalid-version-4.pcap | ||
| mpls-6in6-6in6-invalid-version-6.pcap | ||
| ping6-in-ipv4.pcap | ||
| socks.pcap | ||
| Teredo.pcap | ||
| teredo_bubble_with_payload.pcap | ||