Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
zeek/scripts/base/protocols/ftp
History
Arne Welzel 64f84aba34 ftp: No unbounded directory command re-use 
OSS-Fuzz generated traffic containing a CWD command with a single very large
path argument (427kb) starting with ".___/` \x00\x00...", This is followed
by a large number of ftp replies with code 250. The directory logic in
ftp_reply() would match every incoming reply with the one pending CWD command,
triggering path buildup ending with something 120MB in size.

Protect from re-using a directory command by setting a flag in the
CmdArg record when it was consumed for the path traversal logic.

This doesn't prevent unbounded path build-up generally, but does prevent the
amplification of a single large command with very many small ftp_replies.
Re-using a pending path command seems like a bug as well.
2023-05-19 09:37:12 -07:00
..
__load__.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
dpd.sig Moved DPD signatures into script specific directories. 2013-07-09 22:44:55 -04:00
files.zeek scripts: Migrate table iteration to blank identifiers 2022-10-24 10:36:09 +02:00
gridftp.zeek Small bugfix and updates for external test hashes (SSL/X509) 2021-06-29 15:25:08 +01:00
info.zeek Rename all scripts to have ".zeek" file extension 2019-04-11 21:12:40 -05:00
main.zeek ftp: No unbounded directory command re-use 2023-05-19 09:37:12 -07:00
README Add README files for base/protocols 2013-10-17 12:47:32 -05:00
utils-commands.zeek ftp: No unbounded directory command re-use 2023-05-19 09:37:12 -07:00
utils.zeek GH-234: rename Broxygen to Zeexygen along with roles/directives 2019-04-22 19:45:50 -07:00

README 

Support for File Transfer Protocol (FTP) analysis.