Merge remote-tracking branch 'origin/topic/awelzel/smb2-state-handling'

* origin/topic/awelzel/smb2-state-handling: NEWS: Add entry about SMB::max_pending_messages and state discarding scripts/smb2-main: Reset script-level state upon smb2_discarded_messages_state() smb2: Limit per-connection read/ioctl/tree state
2025-10-02 06:38:20 +00:00 · 2023-05-04 09:30:18 +02:00 · 2023-05-04 09:30:18 +02:00 · 12252743b1
commit 12252743b1
parent 8e49c87912 042aa1383b
17 changed files with 183 additions and 2 deletions
--- a/10
+++ b/10
@ -316,6 +316,16 @@ Changed Functionality
  instead, hello retry requests were logged like as a server hello (with the letter
  `s`). This oversight was fixed, and hello retry requests are now correctly logged.

+- When per-connection SMB parser state (read offsets, tree ids, ...) exceeds
+  ``SMB::max_pending_messages`` (default 1000), Zeek discards such per-connection
+  state and raises a new ``smb2_discarded_messages_state()`` event. This event is
+  used to reset script-layer SMB state. This change provides protection against
+  unbounded state growth due to partial or one-sided SMB connections.
+
+  Setting ``SMB::max_pending_messages`` to 0 can be used to switch back to the
+  previous behavior of not discarding state. Setting ``SMB::enable_state_clear``
+  to ``F`` skips the script-layer state clearing logic.
+
 Removed Functionality
 ---------------------