Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-16 13:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

MIME: Cap nested MIME analysis depth to 100

Browse source 
OSS-Fuzz managed to produce a MIME multipart message construction with
thousands of nested entities (or that's what Zeek makes out of it anyhow).
Prevent such deep analysis by capping at a nesting depth of 100,
preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth
is reported when this limit is reached.

This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds
to ~2.5 seconds.

The test PCAP was produced from a Python script using the email package
and sending the rendered version via POST to a HTTP server.

(cherry picked from commit 997c017df937ea47d999d9724e247c3d0e38e509)
This commit is contained in:
Arne Welzel 2024-01-15 21:06:24 +01:00 committed by Tim Wojtulewicz
parent c912b28444
commit b57a854633
12 changed files with 72 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
View file

@ -175,6 +175,7 @@ scripts/base/init-frameworks-and-bifs.zeek
build/scripts/base/bif/plugins/Zeek_KRB.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Login.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Login.functions.bif.zeek
build/scripts/base/bif/plugins/Zeek_MIME.consts.bif.zeek
build/scripts/base/bif/plugins/Zeek_MIME.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_Modbus.events.bif.zeek
build/scripts/base/bif/plugins/Zeek_MQTT.types.bif.zeek