Project

General

Profile

Actions
Copy link

Bug #4940

open
PA PA

ftp-data: protocol misclassification if the file begins with a protocol pattern

Bug #4940: ftp-data: protocol misclassification if the file begins with a protocol pattern

Added by Philippe Antoine over 4 years ago. Updated 6 months ago.

Status:
Assigned
Priority:
Low
Assignee:
Philippe Antoine
Target version:
TBD
Affected Versions:
8.0.0
Effort:
Difficulty:
Label:

Description

As the expectation part of protocol detection runs only if there was no pattern found...

Related issues 1 (0 open1 closed)

Related to Suricata - Security #4857: ftp: SEGV at flow cleanup due to protocol confusionClosedPhilippe AntoineActions

PA Updated by Philippe Antoine over 4 years ago Actions
Copy link
 #1

  • Related to Security #4857: ftp: SEGV at flow cleanup due to protocol confusion added

VJ Updated by Victor Julien almost 3 years ago Actions
Copy link
 #2

  • Assignee set to Philippe Antoine
  • Target version set to TBD

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
 #3

I wonder if expectation could run first, as we could have information of ippair in the flow and see if this ippair has a FTP flow...

Side note : we also have the problem of ftp-data being missed when load balancing gets it in another core, and is processed sooner than the FTP packets giving the port for the ftp-data flow)

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
 #4

  • Affected Versions 8.0.0 added

PA Updated by Philippe Antoine 6 months ago Actions
Copy link
 #5

  • Status changed from New to Assigned
Actions
Copy link

Also available in: PDF Atom