Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'security/topic/awelzel/196-ftp-timeout-smaller-fix'

Browse source 
* security/topic/awelzel/196-ftp-timeout-smaller-fix:
  Update baselines
  ftp: Do not base seq on number of pending commands
This commit is contained in:
Tim Wojtulewicz 2023-10-27 11:03:54 -07:00
commit d9534f687a
6 changed files with 10 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

3
scripts/base/protocols/ftp/info.zeek
View file

@ -64,6 +64,9 @@ export {
## to are tracked here. ## to are tracked here.
pending_commands: PendingCmds; pending_commands: PendingCmds;
## Sequence number of previous command.
command_seq: count &default=0;
## Indicates if the session is in active or passive mode. ## Indicates if the session is in active or passive mode.
passive: bool &default=F; passive: bool &default=F;

4
scripts/base/protocols/ftp/main.zeek
View file

@ -165,7 +165,7 @@ function set_ftp_session(c: connection)
Conn::register_removal_hook(c, finalize_ftp); Conn::register_removal_hook(c, finalize_ftp);
# Add a shim command so the server can respond with some init response. # Add a shim command so the server can respond with some init response.
add_pending_cmd(c$ftp$pending_commands, "<init>", ""); add_pending_cmd(c$ftp$pending_commands, ++c$ftp$command_seq, "<init>", "");
} }
} }
@ -270,7 +270,7 @@ event ftp_request(c: connection, command: string, arg: string) &priority=5
# Queue up the new command and argument # Queue up the new command and argument
if ( |c$ftp$pending_commands| < max_pending_commands ) if ( |c$ftp$pending_commands| < max_pending_commands )
add_pending_cmd(c$ftp$pending_commands, command, arg); add_pending_cmd(c$ftp$pending_commands, ++c$ftp$command_seq, command, arg);
else else
Reporter::conn_weird("FTP_too_many_pending_commands", c, Reporter::conn_weird("FTP_too_many_pending_commands", c,
cat(|c$ftp$pending_commands|), "FTP"); cat(|c$ftp$pending_commands|), "FTP");

4
scripts/base/protocols/ftp/utils-commands.zeek
View file

@ -78,9 +78,9 @@ export {
}; };
} }
function add_pending_cmd(pc: PendingCmds, cmd: string, arg: string): CmdArg function add_pending_cmd(pc: PendingCmds, seq: count, cmd: string, arg: string): CmdArg
{ {
local ca = [$cmd = cmd, $arg = arg, $seq=|pc|+1, $ts=network_time()]; local ca = [$cmd = cmd, $arg = arg, $seq=seq, $ts=network_time()];
pc[ca$seq] = ca; pc[ca$seq] = ca;
return ca; return ca;

1
testing/btest/Baseline/coverage.record-fields/out.default
View file

@ -162,6 +162,7 @@ connection {
* ts: time, log=F, optional=F * ts: time, log=F, optional=F
} }
* command: string, log=T, optional=T * command: string, log=T, optional=T
* command_seq: count, log=F, optional=T
* cwd: string, log=F, optional=T * cwd: string, log=F, optional=T
* data_channel: record FTP::ExpectedDataChannel, log=T, optional=T * data_channel: record FTP::ExpectedDataChannel, log=T, optional=T
FTP::ExpectedDataChannel { FTP::ExpectedDataChannel {

2
testing/external/commit-hash.zeek-testing vendored
View file

@ -1 +1 @@
05af330a994b192cefecb00dcaf78ad8f7cb5ab2 1084213b00cbde4dd0ea985f92f9c89c1042ce73

2
testing/external/commit-hash.zeek-testing-private vendored
View file

@ -1 +1 @@
1522faf244d4de213a8f17ab4e2c5273d80d99e4 05e472a9d035c183383b06bc12d79610d42654e0