zeek/scripts
Arne Welzel 64f84aba34 ftp: No unbounded directory command re-use
OSS-Fuzz generated traffic containing a CWD command with a single very large
path argument (427kb) starting with ".___/` \x00\x00...". This is followed
by a large number of ftp replies with code 250. The directory logic in
ftp_reply() would match every incoming reply with the one pending CWD command,
triggering path buildup ending with something 120MB in size.

Protect from re-using a directory command by setting a flag in the
CmdArg record when it was consumed for the path traversal logic.

This doesn't prevent unbounded path build-up generally, but does prevent the
amplification of a single large command with very many small ftp_replies.
Re-using a pending path command seems like a bug as well.
2023-05-19 09:37:12 -07:00
..
base ftp: No unbounded directory command re-use 2023-05-19 09:37:12 -07:00
policy Move spicy/misc scripts to policy and clarify purpose. 2023-05-16 10:21:21 +02:00
site policy: Import zeek-community-id scripts into protocols/conn frameworks/notice 2023-04-24 09:43:19 +02:00
spicy Integrate the Spicy plugin into Zeek proper. 2023-05-16 10:17:45 +02:00
zeekygen Move spicy/misc scripts to policy and clarify purpose. 2023-05-16 10:21:21 +02:00
CMakeLists.txt Use the same rules as cmake submodule to reformat Zeek 2023-05-09 08:31:43 -07:00
test-all-policy.zeek Move spicy/misc scripts to policy and clarify purpose. 2023-05-16 10:21:21 +02:00