Merge remote-tracking branch 'security/topic/awelzel/121-ftp-timeout-again'

* security/topic/awelzel/121-ftp-timeout-again:
  ftp: Introduce FTP::max_command_length
Tim Wojtulewicz 2022-11-22 12:27:26 -07:00
commit 9e8833e2d5
12 changed files with 96 additions and 1 deletions


@ -96,6 +96,17 @@ void FTP_Analyzer::DeliverStream(int length, const u_char* data, bool orig)
// Weird("FTP command missing", end_of_line - orig_line, orig_line);
cmd_str = new StringVal("<missing>");
}
else if ( BifConst::FTP::max_command_length > 0 &&
static_cast<zeek_uint_t>(cmd_len) > BifConst::FTP::max_command_length )
{
// If the FTP command is unusually long, log a weird if the analyzer
// has previously been confirmed, but otherwise just ignore the whole
// line and move on to the next.
if ( AnalyzerConfirmed() )
Weird("FTP_max_command_length_exceeded", util::fmt("%d", cmd_len));
return;
}
else
cmd_str = (new StringVal(cmd_len, cmd))->ToUpper();
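Review bot: The comment in the new `else if` branch does not say that a `max_command_length` of 0 switches the check off, which is what the `> 0` guard does, so a zero value silently restores unbounded command lengths. I would add `// A max_command_length of 0 disables this limit.` to the comment block. The early `return` also drops the line before whatever request handling follows in DeliverStream (the rest of the function is outside this hunk), so it is worth confirming that a later server reply is not attributed to the previous command by the script layer. For an analyzer that is not yet confirmed the over-long line is discarded without any weird, which the comment states as intended, but it means this case leaves no signal in the logs.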