mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
995368e68c
This changes many weird names to move non-static content from the weird name into the "addl" field to help ensure the total number of weird names is reasonably bounded. Note the net_weird and flow_weird events do not have an "addl" parameter, so information may no longer be available in those cases -- to make it available again we'd need to either (1) define new events that contain such a parameter, or (2) change net_weird/flow_weird event signature (which is a breaking change for user-code at the moment). Also, the generic handling of binpac exceptions for analyzers which to not otherwise catch and handle them has been changed from a Weird to a ProtocolViolation. Finally, a new "file_weird" event has been added for reporting weirdness found during file analysis.
8 lines
467 B
Text
8 lines
467 B
Text
# @TEST-EXEC: bro -r $TRACES/modbus/fuzz-72.trace
|
|
# @TEST-EXEC: btest-diff modbus.log
|
|
|
|
# The pcap has a flow with some fuzzed modbus traffic in it that should cause
|
|
# the binpac-generated analyzer code to throw a binpac::ExceptionOutOfBound.
|
|
# This should be correctly caught as a type of binpac::Exception and the
|
|
# binpac::ModbusTCP::Exception type that's defined as part of the analyzer
|
|
# shouldn't interfere with that handling and definitely shouldn't crash bro.
|