MIME: Cap nested MIME analysis depth to 100

OSS-Fuzz managed to produce a MIME multipart message construction with
thousands of nested entities (or that's what Zeek makes out of it anyhow).
Prevent such deep analysis by capping at a nesting depth of 100,
preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth
is reported when this limit is reached.

This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds
to ~2.5 seconds.

The test PCAP was produced from a Python script using the email package
and sending the rendered version via POST to an HTTP server.

Closes #208
Arne Welzel 2024-01-15 21:06:24 +01:00 committed by Tim Wojtulewicz
parent cea7c473ac
commit 2a858d252e
13 changed files with 74 additions and 1 deletions

NEWS

@ -184,6 +184,10 @@ Changed Functionality
two encapsulation layers. Two layers are already easily reached in AWS GLB
environments.
- Nested MIME message analysis is now capped at a maximum depth of 100 to prevent
unbounded MIME message nesting. This limit is configurable with ``MIME::max_depth``.
A new weird named ``exceeded_mime_max_depth`` is reported when reached.
Removed Functionality
---------------------
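
Review bot: The new NEWS entry under "Changed Functionality" does not say what happens to the entities nested beyond the cap: whether they are skipped while analysis of the rest of the message continues, or whether analysis of the whole message stops. That matters to anyone who relies on analysis of nested MIME parts, since content past the limit may go unanalyzed. The wording "is reported when reached" also sits oddly next to the weird's name, ``exceeded_mime_max_depth``; please state whether the weird fires at depth 100 or on the first entity past it, and whether it is raised once or for every entity over the limit. One more sentence in this entry covering those points would be enough.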