Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/core/tunnels
History
Johanna Amann 924ed053c7 Fix OOB read in Sessions.cc 
IP packets that have a header length that is greater than the total
length of the packet cause a integer overflow, which cause range-checks
to fail, which causes OOB reads.

Furthermore Bro does not currently check the version field of IP packets
that are read from tunnels. I added this check - otherwhise Bro reports
bogus IP information in its error messages, just converting the data
from the place where the IP information is supposed to be to IPs.

This behavior brings us closer to what other software (e.g. Wireshark)
displays in these cases.
2017-10-19 10:29:29 -07:00
..
gtp Test-suite passes. 2013-03-26 15:40:23 -07:00
ayiya.test Add AYIYA tunnel decapsulation unit test. 2012-06-05 15:17:27 -05:00
false-teredo.bro Removing the yielding_teredo_decapsulation option. 2015-08-14 08:36:16 -07:00
gre-in-gre.test BIT-867 - Support GRE tunnel decapsulation. 2014-01-16 16:03:04 -06:00
gre.test BIT-867 - Support GRE tunnel decapsulation. 2014-01-16 16:03:04 -06:00
ip-in-ip-version.bro Fix OOB read in Sessions.cc 2017-10-19 10:29:29 -07:00
ip-in-ip.test Make tunnels always identifiable by UID, tunnel.log now gets populated. 2012-04-26 12:29:59 -05:00
ip-tunnel-uid.test Fix for IP tunnel UID persistence. 2012-04-27 10:28:46 -05:00
teredo-known-services.test Removing the yielding_teredo_decapsulation option. 2015-08-14 08:36:16 -07:00
teredo.bro Add Teredo-specific events. 2012-06-05 15:07:56 -05:00
teredo_bubble_with_payload.test Make Teredo bubble packet parsing more lenient. 2012-06-19 12:59:38 -05:00