From 8af4214c64bfb1899966a87d0f603f3cf0d0a7df Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 3 Oct 2024 14:51:35 +0200 Subject: [PATCH] transform/base64: adds test against UBSan Ticket: 7296 --- tests/transform-base64-7296/README.md | 8 ++ tests/transform-base64-7296/input.pcap | Bin 0 -> 5528 bytes tests/transform-base64-7296/suricata.yaml | 105 ++++++++++++++++++++++ tests/transform-base64-7296/test.rules | 1 + tests/transform-base64-7296/test.yaml | 11 +++ 5 files changed, 125 insertions(+) create mode 100644 tests/transform-base64-7296/README.md create mode 100644 tests/transform-base64-7296/input.pcap create mode 100644 tests/transform-base64-7296/suricata.yaml create mode 100644 tests/transform-base64-7296/test.rules create mode 100644 tests/transform-base64-7296/test.yaml diff --git a/tests/transform-base64-7296/README.md b/tests/transform-base64-7296/README.md new file mode 100644 index 000000000..0aae8a484 --- /dev/null +++ b/tests/transform-base64-7296/README.md @@ -0,0 +1,8 @@ +# Description + +Test base64 transform does not trigger UBSAN. +https://redmine.openinfosecfoundation.org/issues/7296 + +# PCAP + +The pcap comes from oss-fuzz reproducer diff --git a/tests/transform-base64-7296/input.pcap b/tests/transform-base64-7296/input.pcap new file mode 100644 index 0000000000000000000000000000000000000000..6e8cd6afa2bbdd66becb4d57604d65662b53ffc2 GIT binary patch literal 5528 zc-rlleM}o=9LJx7jzG2JZA(gYaz-74P`E2?DK!&1)&XYBT0mV}Cug}q9c!ER7Prj3 z8I2LhAe(XG8#8fqGTbc{W?>4ma_rhrWcJ0v1=m^I zRN1}E$+^Cpm@6?^E)GmPu3TjG;G%SUcelHqtz!-P_Haya(5$(!j)6bcVQ1`& zLEjVOqb6rRAA-HWzUW|mW1Y={Z+8X)d;~7m)YlmFt>I9J4+z0<$Z@(S(jVpe_*xNd zHg)lW5DfLl0Ch;*aL@zh0GLbKb{r_<@&vd8K4IHgyI_-@d9xKKYl_3{CMk8Ng5 zET}T*aVVb6Eu_m3(nYn9zU|PQ;$>jDf%6-gVj&PQ#e^u&?JY)bc;3Cr*`ASO1P&Da zF(Nf?PX}EiWyM@4dfL^g`1?KR>;i7rD*qXE{<+cwzco4a2$jj_F&|bR(zPI&CRY1Z zFyWHWiV0^L6SWBw)>IR^LeWBV98nm$kR`q{a0>vJ$Q%K134pgx0|T$mijl@VookKE z?lJ&tL5;O&LD^f+aOK!U@5;7xt;a+CSf#WcVD7GURAgmBEe@Z$e)&(}wyCwA{b%%b zm@6|mt5t))lFl~Z-X>cH=3pM?Jf(pnYrBnEBuCM-5jf8SX97t}=6sM*4{kl9$$I|t z)|1p7SjJ=)4-IxZoSWO{$z!d!jX5?OLK`S)NgS#oBL~hz+>p#se5K8djdpWUA;=BV z&^7mhcZx$M(Uq9&i`Y~VY@4?8p?+Zi;=_v91bmJ3nijpTw>265{(5X!-0nUQfn9;$ zFVsf{xnSr?IxxURW4y3=pRn6xH|V!>F~QUs?hEb?@_i0^TQpcpGYxbX9|47CnrUJk zjMc#~bX#Y)LBEv~_4qi;V{=&Ko1~ySZJKNL{Hg0RbL4p^YqlLY(7MDWbDGtI zJ~O8TeWig6`d3vJzuWtQ)w0RGs~RJBs7ZS?t+X3t`v7UxinQ^pE>cp5T`zM=lQ;<% zCv95mbLIwUx{$6uzs;3Xs?NEhJ#`m=HJ=ingkK{&HMG}}%CWZ|v3I6xuRj^5Unklt zH>ZIKK8}<>_Jk3*JJj0i`}CK;V6MXaW2dILVP*wpl5J68VNR7d7fw?dS@I-j)GOXE zE}3&MBgY7wa56{fGbJp;(p|3xg}?xeSF}4C7Q%t>U@U1=qvcTzT5W_J&7_n3sRp;C zG&Yriq+YT-u@o!`bAI=t>{AiRk*6Y(lWr=){J*>?>r}KX@oN(N)?|K$sR*06<3-u0 zBFTg+VM3gWgn=j@8<0#8QxS%)^=U4fUab9SJRZlTfl|t*JU5PuJhmifeQq3&I>*fI z0}h-lamk#Xj2t6yI+8gE8RdMeK_zll?w|rxLbbqG$Py_l!#>Rg>H%ZN(iP}QU-ss3OLnJMk^Ik>{j@n3S)O?g~C0-C8^1Lzn!_%X?hT#28-J0?IwaqV`=y>hS&|<~s zciktCf483Tjz4#B@ZD+dn|JbSLZ(*=^Ylj#|NPKJR6V>c?$2WxE_LtWi$#sc-aA>c&HlyE>p5>GH*stt5%fN$|#U zGD)Q1J-Kp9)j8vStwpo399aHzMRO%rPN_QQrgp#lz*?skpZh any any (msg:"from_base64: offset #1 [mode rfc4648]"; http.uri; content:"/?arg=dGhpc2lzYXRlc3QK"; from_base64: offset 6 ; content:"thisisatest"; fast_pattern; sid:1; rev:1;) diff --git a/tests/transform-base64-7296/test.yaml b/tests/transform-base64-7296/test.yaml new file mode 100644 index 000000000..dfe0b0305 --- /dev/null +++ b/tests/transform-base64-7296/test.yaml @@ -0,0 +1,11 @@ +requires: + min-version: 8 + +args: + - -k none + +checks: + - filter: + count: 0 + match: + event_type: alert -- 2.47.2