Bug #3631: FTP response buffering against TCP stream - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #3631

closed

FTP response buffering against TCP stream

Added by Philippe Antoine about 4 years ago. Updated almost 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Philippe Antoine

Target version:

6.0.0beta1

Affected Versions:

4.1.6, 5.0.1

Effort:

Difficulty:

Label:

Needs backport to 4.1, Needs backport to 5.0

Description

Now, Suricata parses FTP response packets as if they are always complete.
This is not the TCP logic of streaming.
We have to keep buffering until the response is complete, and we can parse multiple responses in one TCP stream in one time.

Found by running suricata-verify tests while doing TCP stream splitting

Fix proposed https://github.com/OISF/suricata/pull/4789

Related issues 2 (0 open — 2 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #3631

FTP response buffering against TCP stream

Updated by Victor Julien about 4 years ago

Updated by Philippe Antoine about 4 years ago

Updated by Jeff Lucovsky about 4 years ago

Updated by Jeff Lucovsky about 4 years ago

Updated by Jeff Lucovsky about 4 years ago

Updated by Victor Julien almost 4 years ago