Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 05:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

SMTP: Reject BDAT chunks larger than int64_t's max value

Browse source 
The ContentLine analyzer does not support uint64_t.
This commit is contained in:
Arne Welzel 2024-01-19 11:52:03 +01:00
parent 638e8a0519
commit 0318ddbee9
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/analyzer/protocol/smtp/SMTP.cc
View file

@ -5,6 +5,7 @@
#include "zeek/zeek-config.h" #include "zeek/zeek-config.h"
#include <cstdlib> #include <cstdlib>
#include <limits>
#include "zeek/Event.h" #include "zeek/Event.h"
#include "zeek/NetVar.h" #include "zeek/NetVar.h"
@ -857,6 +858,15 @@ bool SMTP_Analyzer::ProcessBdatArg(int arg_len, const char* arg, bool orig) {
return false; return false;
} }
// The ContentLine analyzer only supports int64_t, but BDAT could deal
// with uint64_t sized chunks. Weird if the chunk size is larger and
// do not configure the ContentLine analyzer for plain delivery.
if ( chunk_size > std::numeric_limits<int64_t>::max() ) {
const char* addl = zeek::util::fmt("%" PRIu64, chunk_size);
Weird("smtp_huge_bdat_chunk", addl);
return false;
}
auto* cl = orig ? cl_orig : cl_resp; auto* cl = orig ? cl_orig : cl_resp;
cl->SetPlainDelivery(chunk_size); cl->SetPlainDelivery(chunk_size);