Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 08:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Patch OOB write in content-line analyzer.

Browse source 
A combination of packets can trigger an out of bound write of '0' byte
in the content-line analyzer.

This bug was found by Frank Meier.

Addresses BIT-1856.
This commit is contained in:
Johanna Amann 2017-10-16 13:13:41 -07:00
parent 70456d9f6b
commit 6c0f101a62
1 changed files with 10 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/analyzer/protocol/tcp/ContentLine.cc
View file

@ -250,6 +250,16 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
case '\n': case '\n':
if ( last_char == '\r' ) if ( last_char == '\r' )
{ {
// Weird corner-case:
// this can happen if we see a \r at the end of a packet where crlf is
// set to CR_as_EOL | LF_as_EOL, with the packet causing crlf to be set to
// 0 and the next packet beginning with a \n. In this case we just swallow
// the character and re-set last_char.
if ( offset == 0 )
{
last_char = c;
break;
}
--offset; // remove '\r' --offset; // remove '\r'
EMIT_LINE EMIT_LINE
} }