Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-08 09:38:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'security/topic/awelzel/121-ftp-timeout-again'

Browse source 
* security/topic/awelzel/121-ftp-timeout-again:
  ftp: Introduce FTP::max_command_length
This commit is contained in:
Tim Wojtulewicz 2022-11-22 12:27:26 -07:00
commit 9e8833e2d5
12 changed files with 96 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
scripts/base/frameworks/notice/weird.zeek
View file

@ -136,6 +136,7 @@ export {
["FIN_advanced_last_seq"] = ACTION_LOG,
["FIN_after_reset"] = ACTION_IGNORE,
["FIN_storm"] = ACTION_NOTICE_PER_ORIG,
["FTP_max_command_length_exceeded"] = ACTION_LOG_PER_CONN,
["FTP_too_many_pending_commands"] = ACTION_LOG_PER_CONN,
["HTTP_bad_chunk_size"] = ACTION_LOG,
["HTTP_chunked_transfer_for_multipart_message"] = ACTION_LOG,

9
scripts/base/init-bare.zeek
View file

@ -337,6 +337,15 @@ type ftp_port: record {
valid: bool; ##< True if format was right. Only then are *h* and *p* valid.
};
module FTP;
## Limits the size of commands accepted by the FTP analyzer. Longer commands
## raise a FTP_max_command_length_exceeded weird and are discarded.
const max_command_length = 100 &redef;
module GLOBAL;
## Statistics about what a TCP endpoint sent.
##
## .. zeek:see:: conn_stats