Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/scripts/base
History
Arne Welzel 5659cf18f8 MIME: Cap nested MIME analysis depth to 100 
OSS-Fuzz managed to produce a MIME multipart message construction with
thousands of nested entities (or that's what Zeek makes out of it anyhow).
Prevent such deep analysis by capping at a nesting depth of 100,
preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth
is reported when this limit is reached.

This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds
to ~2.5 seconds.

The test PCAP was produced from a Python script using the email package
and sending the rendered version via POST to a HTTP server.

Closes #208

(cherry picked from commit 4e5849fe82c6097df5d25cd1a74d69ab4fa50f46)
2024-01-19 08:22:19 -07:00
..
files Add extract_limit_includes_missing option for file extraction 2023-09-12 09:41:03 -07:00
frameworks Merge remote-tracking branch 'origin/topic/awelzel/mmdb-fix-and-tests' 2023-10-24 13:49:25 -07:00
misc Revert "Merge remote-tracking branch 'origin/topic/vern/at-if-analyze'" 2023-05-31 09:20:33 +02:00
packet-protocols Add forwarding from VLAN analyzer into LLC, SNAP, and Novell 802.3 analyzers 2023-04-25 12:29:55 -07:00
protocols Merge remote-tracking branch 'origin/topic/awelzel/smb-unbounded-recent-files-growth' 2024-01-12 11:46:16 -07:00
utils Treat private address space as site-local by default 2023-03-15 17:01:00 -07:00
init-bare.zeek MIME: Cap nested MIME analysis depth to 100 2024-01-19 08:22:19 -07:00
init-default.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-frameworks-and-bifs.zeek Do not load Spicy scripts if Spicy is not available. 2023-05-16 10:21:21 +02:00
init-supervisor.zeek Establish a separate init script when using the supervisor 2021-07-08 13:12:53 -07:00