Bug #4948
closedSMTP assertion triggered
Description
GettingAssertion failed: (!((state->curr_tx == ((void*)0)))), function SMTPTransactionComplete, file app-layer-smtp.c, line 887.
Reproducer is suricata -r lola.pcap -c suricata.yaml -k none
Need to craft a Suricata-verify test out of this
The pcap comes from S-V test smtp-rset
+ fuzzpcap tcptofpc.py
+ easy hex editing to have multiple RSET in one packet
+ add a packet starting a command but not ending it (ie no end of line)
+ easy hex editing to have multiple 250 in different packets
+ fuzzpcap back to pcap
Found by CIFuzz in https://github.com/OISF/suricata/pull/6751
Not found by oss-fuzz even if it seems reachable by fuzz_sigpcap_aware...
Files
Updated by Jeff Lucovsky almost 3 years ago
- Copied to Bug #4956: SMTP assertion triggered added
Updated by Jeff Lucovsky almost 3 years ago
- Copied to Bug #4957: SMTP assertion triggered added
Updated by Philippe Antoine almost 3 years ago
Now found by oss-fuzz https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43907
Updated by Philippe Antoine almost 3 years ago
- File ossfuzz.pcap ossfuzz.pcap added
Updated by Philippe Antoine almost 3 years ago
- Status changed from New to In Review
Updated by Philippe Antoine almost 3 years ago
- Status changed from In Review to Closed
Updated by Philippe Antoine almost 3 years ago
Another variant by oss-fuzz :
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44305
rset then starttls
and 250 then 220 as reponses
Updated by Philippe Antoine almost 3 years ago
- Status changed from Closed to In Progress
Updated by Philippe Antoine almost 3 years ago
- Status changed from In Progress to In Review
Updated by Philippe Antoine over 2 years ago
- Status changed from In Review to Closed