mirror of
https://github.com/zeek/zeek.git
synced 2025-10-17 14:08:20 +00:00
b21e6f72da
This was exposed by OSS-Fuzz after the HTTP/0.9 changes in zeek/zeek#2851: We do not check the result of parsing the from and last bytes of a Content-Range header and would reference uninitialized values on the stack if these were not valid. This doesn't seem as bad as it sounds outside of yielding non-sensible values: If the result was negative, we weird/bailed. If the result was positive, we already had to treat it with suspicion anyway and the SetPlainDelivery() logic accounts for that. |
||
|---|---|---|
| .. | ||
| files | ||
| frameworks | ||
| misc | ||
| protocols | ||
| utils | ||