mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
b21e6f72da
This was exposed by OSS-Fuzz after the HTTP/0.9 changes in zeek/zeek#2851: We do not check the result of parsing the from and last bytes of a Content-Range header and would reference uninitialized values on the stack if these were not valid. This doesn't seem as bad as it sounds outside of yielding non-sensible values: If the result was negative, we weird/bailed. If the result was positive, we already had to treat it with suspicion anyway and the SetPlainDelivery() logic accounts for that.
11 lines
518 B
Text
11 lines
518 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
|
#types time string addr port addr port string string bool string string
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 42226 127.0.0.1 8080 HTTP_content_range_cannot_parse - F zeek HTTP
|
|
#close XXXX-XX-XX-XX-XX-XX
|