mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
c23d605286
The BDAT analyzer should be supporting uint64_t sized chunks reasonably well, but the ContentLine analyzer does not, And also, I totally got types for RemainingChunkSize() and in DeliverStream() wrong, resulting in overflows and segfaults when very large chunk sizes were used. Tickled by OSS-Fuzz. Actually running the fuzzer locally only took a few minutes to find the crash, too. Embarrassing.
18 lines
672 B
Text
18 lines
672 B
Text
# @TEST-DOC: Test a BDAT line with an overflowing integer size. Pcaps generated with a Python client against Postfix.
|
|
#
|
|
# @TEST-EXEC: zeek -r $TRACES/smtp/smtp-bdat-cmd-chunk-size-overflow.pcap %INPUT >out
|
|
# @TEST-EXEC: btest-diff smtp.log
|
|
# @TEST-EXEC: btest-diff weird.log
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
@load base/protocols/conn
|
|
@load base/protocols/smtp
|
|
|
|
event smtp_request(c: connection, is_orig: bool, command: string, arg: string) {
|
|
print "smtp_request", c$uid, is_orig, command, arg;
|
|
}
|
|
|
|
event smtp_reply(c: connection, is_orig: bool, code: count, cmd: string,
|
|
msg: string, cont_resp: bool) {
|
|
print "smtp_reply", c$uid, is_orig, code, cmd, msg;
|
|
}
|