mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
3f5cb75a2a
oss-fuzz produced FTP traffic with a ~550KB long FTP command. Cap FTP command length at 100 bytes, log a weird if a command is larger than that and move on to the next. Likely it's not actual FTP traffic, but raising an analyzer violation would allow clients an easy way to disable the analyzer by sending an overly long command. The added test PCAP was generated using a fake Python socket server/client.
15 lines
1.3 KiB
Text
15 lines
1.3 KiB
Text
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path ftp
|
|
#open XXXX-XX-XX-XX-XX-XX
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p user password command arg mime_type file_size reply_code reply_msg data_channel.passive data_channel.orig_h data_channel.resp_h data_channel.resp_p fuid
|
|
#types time string addr port addr port string string string string string count count string bool addr addr port string
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 anonymous - USER anonymous - - 230 Response to USER command - - - - -
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 anonymous anonymous@zeek.org SYST - - - 200 Response to TYPEEEEEEEEEEEEE command - - - - -
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 anonymous anonymous@zeek.org PASV - - - 215 Response to SYSTTTTTTTTTTTTT command - - - - -
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 anonymous anonymous@zeek.org RETR ftp://127.0.0.1/./robots.txt - - 225 Response to RETR command - - - - -
|
|
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 58634 127.0.0.1 21 anonymous anonymous@zeek.org PORT 114,115 - - 200 Response to PORT command - - - - -
|
|
#close XXXX-XX-XX-XX-XX-XX
|