Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 01:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/base
History
Arne Welzel da91cee022 ssl: Cap number of alerts parsed from SSL record 
Limit the number of events raised from an SSL record with content_type
alert (21) to a configurable maximum number (default 10). For TLS 1.3,
the limit is set to 1 as specified in the RFC. Add a new weird for the
in cases where the limit is exceeded.

OSS-Fuzz managed to generate a reproducer that raised ~660k ssl_plaintext
and ssl_alert events together given ~810kb of input data. This prevents
it with hopefully no negative side-effect in the real-world.
2023-10-25 10:05:09 -07:00
..
files Add extract_limit_includes_missing option for file extraction 2023-09-12 09:41:03 -07:00
frameworks Merge remote-tracking branch 'origin/topic/awelzel/mmdb-fix-and-tests' 2023-10-24 13:49:25 -07:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols Add forwarding from VLAN analyzer into LLC, SNAP, and Novell 802.3 analyzers 2023-04-25 12:29:55 -07:00
protocols ftp: Do not log non-pending commands 2023-09-12 09:40:51 -07:00
utils Treat private address space as site-local by default 2023-03-15 17:01:00 -07:00
init-bare.zeek ssl: Cap number of alerts parsed from SSL record 2023-10-25 10:05:09 -07:00
init-default.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00