Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

ftp: Do not log non-pending commands

Browse source 
OSS Fuzz generated a CWD request and reply followed by very many EPRT
requests. This caused Zeek to re-log the CWD request and invoke `build_url_ftp()`
over and over again resulting in long processing times.

Avoid this scenario by not logging commands that aren't pending anymore.

(cherry picked from commit b05dd31667ff634ec7d017f09d122f05878fdf65)
This commit is contained in:
Arne Welzel 2023-08-31 12:39:00 +02:00 committed by Tim Wojtulewicz
parent f6e7ea43c3
commit b2c40a22cb
2 changed files with 2 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
scripts/base/protocols/ftp/main.zeek
View file

@ -261,8 +261,8 @@ event ftp_request(c: connection, command: string, arg: string) &priority=5
# attackers.
if ( c?$ftp && c$ftp?$cmdarg && c$ftp?$reply_code )
{
remove_pending_cmd(c$ftp$pending_commands, c$ftp$cmdarg);
ftp_message(c);
if ( remove_pending_cmd(c$ftp$pending_commands, c$ftp$cmdarg) )
ftp_message(c);
}
local id = c$id;