Project

General

Profile

Actions
Copy link

Bug #4940

open

ftp-data: protocol misclassification if the file begins with a protocol pattern

Added by Philippe Antoine over 3 years ago. Updated about 2 months ago.

Status:
New
Priority:
Low
Assignee:
Philippe Antoine
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

As the expectation part of protocol detection runs only if there was no pattern found...

Related issues 1 (0 open1 closed)

Related to Suricata - Security #4857: ftp: SEGV at flow cleanup due to protocol confusionClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine over 3 years ago

  • Related to Security #4857: ftp: SEGV at flow cleanup due to protocol confusion added
Actions
Copy link
 #2

Updated by Victor Julien almost 2 years ago

  • Assignee set to Philippe Antoine
  • Target version set to TBD
Actions
Copy link
 #3

Updated by Philippe Antoine about 2 months ago

I wonder if expectation could run first, as we could have information of ippair in the flow and see if this ippair has a FTP flow...

Side note : we also have the problem of ftp-data being missed when load balancing gets it in another core, and is processed sooner than the FTP packets giving the port for the ftp-data flow)

Actions
Copy link

Also available in: Atom PDF