
OSS-Fuzz found that providing an invalid BDAT line would tickle an assert in UpdateState(). The BDAT state was never initialized, but UpdateState() expected it to be. This also removes the AnalyzerViolation() call for bad BDAT commands and instead raises a weird. The SMTP analyzer is very lax, and not triggering the violation allows the server's response to such an invalid command to be parsed. The PCAP files were produced by a custom Python SMTP client against Postfix.
# @TEST-DOC: Test invalid BDAT lines. Pcaps generated with a Python client against Postfix.
#
# @TEST-EXEC: zeek -b -r $TRACES/smtp/smtp-bdat-cmd-invalid.pcap %INPUT >out
# @TEST-EXEC: btest-diff smtp.log
# @TEST-EXEC: btest-diff weird.log
# @TEST-EXEC: btest-diff out
@load base/protocols/conn
@load base/protocols/smtp
# Print every SMTP command the analyzer reports, so the "out" baseline
# records the command and argument of each request in the trace (per the
# test description, the trace contains invalid BDAT lines).
#
# c: the connection the command was seen on; only its uid is printed.
# is_orig: passed through unchanged to the output.
# command: the SMTP command as reported by the analyzer.
# arg: the argument string reported with the command.
event smtp_request(c: connection, is_orig: bool, command: string, arg: string)
	{
	print "smtp_request", c$uid, is_orig, command, arg;
	}
# Print every SMTP reply the analyzer reports, so the "out" baseline shows
# which server responses were still parsed for this trace, including any
# that follow a malformed command.
#
# c: the connection the reply was seen on; only its uid is printed.
# is_orig: passed through unchanged to the output.
# code: the numeric reply code.
# cmd: the command string reported with the reply.
# msg: the reply text.
# cont_resp: accepted by the handler but deliberately not printed.
event smtp_reply(c: connection, is_orig: bool, code: count, cmd: string,
                 msg: string, cont_resp: bool)
	{
	print "smtp_reply", c$uid, is_orig, code, cmd, msg;
	}