mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
3724c14ad2
A call to `extract_filename_from_content_disposition()` is only efficient if the string is guaranteed to contain the pattern that is removed by `sub()`. Due to missing brackets around the `[:blank:]` character class, an overly long string (756kb) ending in "Type:dtanameaa=" matched the wrong pattern causing `sub()` to exhibit quadratic runtime. Besides that, we may have potentially extracted wrong information from a crafted header value. (cherry picked from commit 6d385b1ca724a10444865e4ad38a58b31a2e2288) |
||
|---|---|---|
| .. | ||
| base | ||
| policy | ||
| site | ||
| spicy | ||
| zeekygen | ||
| CMakeLists.txt | ||
| test-all-policy.zeek | ||