SMTP/BDAT: Fix int/int64_t/uint64_t confusion

The BDAT analyzer should be supporting uint64_t sized chunks reasonably well, but the ContentLine analyzer does not, And also, I totally got types for RemainingChunkSize() and in DeliverStream() wrong, resulting in overflows and segfaults when very large chunk sizes were used. Tickled by OSS-Fuzz. Actually running the fuzzer locally only took a few minutes to find the crash, too. Embarrassing.
2025-10-03 15:18:20 +00:00 · 2024-01-19 11:43:57 +01:00 · 2024-01-19 11:43:57 +01:00 · c23d605286
commit c23d605286
parent 0318ddbee9
13 changed files with 148 additions and 5 deletions
--- a/testing/btest/scripts/base/protocols/bdat-chunk-size-overflow.test
+++ b/testing/btest/scripts/base/protocols/bdat-chunk-size-overflow.test
@ -0,0 +1,18 @@
+# @TEST-DOC: Test a BDAT line with an overflowing integer size. Pcaps generated with a Python client against Postfix.
+#
+# @TEST-EXEC: zeek -r $TRACES/smtp/smtp-bdat-cmd-chunk-size-overflow.pcap %INPUT >out
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: btest-diff weird.log
+# @TEST-EXEC: btest-diff out
+
+@load base/protocols/conn
+@load base/protocols/smtp
+
+event smtp_request(c: connection, is_orig: bool, command: string, arg: string) {
+	print "smtp_request", c$uid, is_orig, command, arg;
+}
+
+event smtp_reply(c: connection, is_orig: bool, code: count, cmd: string,
+                 msg: string, cont_resp: bool) {
+	print "smtp_reply", c$uid, is_orig, code, cmd, msg;
+}