Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/scripts/base
History
Arne Welzel c960d279a2 ssl: Cap number of alerts parsed from SSL record 
Limit the number of events raised from an SSL record with content_type
alert (21) to a configurable maximum number (default 10). For TLS 1.3,
the limit is set to 1 as specified in the RFC. Add a new weird cases
where the limit is exceeded.

OSS-Fuzz managed to generate a reproducer that raised ~660k ssl_plaintext
and ssl_alert events given ~810kb of input data. This change prevents this
with hopefully no negative side-effect in the real-world.
2023-10-25 09:35:10 +02:00
..
files Add extract_limit_includes_missing option for file extraction 2023-09-14 12:11:42 -07:00
frameworks http: Prevent request/response de-synchronization and unbounded state growth 2023-08-28 15:02:58 +02:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols Add registration for GRE-over-UDP 2023-10-16 11:42:24 -07:00
protocols quic: Integrate as default analyzer 2023-10-11 14:10:22 +02:00
utils all: Fix typos identified by typos pre-commit hook 2023-06-13 17:57:32 +02:00
init-bare.zeek ssl: Cap number of alerts parsed from SSL record 2023-10-25 09:35:10 +02:00
init-default.zeek quic: Integrate as default analyzer 2023-10-11 14:10:22 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00