mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
5659cf18f8
OSS-Fuzz managed to produce a MIME multipart message construction with thousands of nested entities (or that's what Zeek makes out of it anyhow). Prevent such deep analysis by capping at a nesting depth of 100, preventing unnecessary resource usage. A new weird named exceeded_mime_max_depth is reported when this limit is reached. This change reduces the runtime of the OSS-Fuzz reproducer from ~45 seconds to ~2.5 seconds. The test PCAP was produced from a Python script using the email package and sending the rendered version via POST to a HTTP server. Closes #208 (cherry picked from commit 4e5849fe82c6097df5d25cd1a74d69ab4fa50f46)
11 lines
512 B
Text
11 lines
512 B
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path weird
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source
|
|
#types time string addr port addr port string string bool string string
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 48724 127.0.0.1 8080 exceeded_mime_max_depth 100 F zeek HTTP
|
|
#close XXXX-XX-XX-XX-XX-XX
|