Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts
History
Arne Welzel da91cee022 ssl: Cap number of alerts parsed from SSL record 
Limit the number of events raised from an SSL record with content_type
alert (21) to a configurable maximum number (default 10). For TLS 1.3,
the limit is set to 1 as specified in the RFC. Add a new weird for the
in cases where the limit is exceeded.

OSS-Fuzz managed to generate a reproducer that raised ~660k ssl_plaintext
and ssl_alert events together given ~810kb of input data. This prevents
it with hopefully no negative side-effect in the real-world.
2023-10-25 10:05:09 -07:00
..
base ssl: Cap number of alerts parsed from SSL record 2023-10-25 10:05:09 -07:00
policy Merge remote-tracking branch 'origin/topic/jazoff/gh-3268t ' 2023-09-08 11:09:56 -07:00
site Merge remote-tracking branch 'origin/topic/awelzel/no-metrics-centralization' 2023-06-21 15:42:10 -07:00
spicy Simplify code generated for Spicy analyzer port ranges. 2023-05-29 12:20:44 +02:00
zeekygen Merge remote-tracking branch 'origin/topic/awelzel/cluster-at-if-removal' 2023-06-12 11:23:01 -07:00
CMakeLists.txt Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
test-all-policy.zeek Merge remote-tracking branch 'origin/topic/awelzel/no-metrics-centralization' 2023-06-21 15:42:10 -07:00