[BIT-1856] segfault in Content_Analyzer with multipart/form-data http - Bro Tracker

Details

Type: Problem
Status: Closed
Priority: Normal
Resolution: Merged
Affects Version/s: git/master
Fix Version/s: None
Component/s: Bro
Labels:
None
Environment:

FreeBSD 10.3 RELEASE

Description

When ContentLine_Analyzer::DoDeliverOnce is called with a value of "\nfalse\r\n----WebkitFormBoundary" and last_char was set to '\r' in a previous call, buf is set to \0 at index -1.

I think a fix would be to check the offset in the EMIT_LINE macro to be > 0.

Sadly I can not share the original trace which triggers the segfault. If this report is not enough I can spend some more time trying to create a test trace.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

BIT-1856.diff
0.6 kB
09/Oct/17 7:15 AM
bro_bit_1856.backtrace
9 kB
18/Oct/17 7:13 AM
bro_bit_1856.pcap
1 kB
18/Oct/17 7:13 AM

Activity

People

Assignee:

Unassigned

Reporter:

Frank Meier

Votes:

0 Vote for this issue

Watchers:

4 Start watching this issue

Dates

Created:

05/Oct/17 2:37 AM

Updated:

02/Jan/18 2:13 AM

Resolved:

16/Oct/17 5:19 PM