Patch OOB write in content-line analyzer.
A combination of packets can trigger an out of bound write of '0' byte
in the content-line analyzer.

This bug was found by Frank Meier.

Addresses BIT-1856.
0xxon committed Oct 16, 2017
1 parent 70456d9 commit 6c0f101
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions src/analyzer/protocol/tcp/ContentLine.cc
Expand Up @@ -250,6 +250,16 @@ int ContentLine_Analyzer::DoDeliverOnce(int len, const u_char* data)
case '\n':
if ( last_char == '\r' )
{
// Weird corner-case:
// this can happen if we see a \r at the end of a packet where crlf is
// set to CR_as_EOL | LF_as_EOL, with the packet causing crlf to be set to
// 0 and the next packet beginning with a \n. In this case we just swallow
// the character and re-set last_char.
if ( offset == 0 )
{
last_char = c;
break;
}
--offset; // remove '\r'
EMIT_LINE
}
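Review bot: the `if ( offset == 0 )` early exit in `case '\n'` swallows the newline silently, and the comment above it describes the crlf flag sequence rather than the invariant the check protects. State in the comment that the guard exists so the `--offset` before `EMIT_LINE` never runs when `offset` is already 0, which is the condition behind the out-of-bounds write named in the commit message, so a later cleanup does not remove it as redundant. Because this state is only reached through an unusual packet sequence, consider reporting it (for example as a weird) rather than only resetting `last_char`, so the anomaly is visible in the logs. The commit changes only ContentLine.cc; a regression test feeding the two-packet input described in the comment (a packet ending in `\r`, then one starting with `\n`) would keep the guard from regressing. Any other place in this function that decrements `offset` deserves the same precondition check.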