Bug #5281

closed

ftp: don't let first incomplete segment be over maximum length

Added by Jason Ish over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 5.0, Needs backport to 6.0

Description

The first non-terminated ftp command segment is buffered with no size limit. This results in a subsequent segment causing an integer to enter a negative state which is then asserted on with a DEBUG_VALIDATE_BUG_ON. Make sure the first segment is subject to limits of subsequent segments.

The result in non-debug-validate-bug-on builds is that the first logged segment can be up to 65k, but there should be no security-related issue here as the right thing is already done for negative values.
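The failure mode described above, sketched as an added example (not Suricata's code and not part of the original report): a line buffer that skips the limit for the first incomplete segment, next to one that applies it to every segment. `LineBuf`, `MAX_LINE`, `feed_before` and `feed_after` are hypothetical names, and the 16-byte limit is an assumed value chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LINE 16            /* assumed per-line limit, constructed for this example */
typedef struct {
    uint8_t buf[64];           /* bytes held until a newline arrives */
    size_t  len;
    int     truncated;
} LineBuf;

/* "Before": the first incomplete segment is stored without consulting MAX_LINE.
 * Returns the space computed on entry for the incoming segment. */
static int32_t feed_before(LineBuf *lb, const uint8_t *in, size_t n)
{
    int32_t room = (int32_t)MAX_LINE - (int32_t)lb->len;
    if (lb->len == 0) {                        /* first segment: no line limit */
        size_t take = n < sizeof lb->buf ? n : sizeof lb->buf;
        memcpy(lb->buf, in, take);
        lb->len = take;
    } else if (room > 0) {                     /* later segments: limited */
        size_t take = n < (size_t)room ? n : (size_t)room;
        memcpy(lb->buf + lb->len, in, take);
        lb->len += take;
    }
    return room;   /* negative once the first segment exceeded MAX_LINE */
}

/* "After": every segment, the first included, is clamped to MAX_LINE, so
 * len never exceeds the limit and room never drops below zero. */
static int32_t feed_after(LineBuf *lb, const uint8_t *in, size_t n)
{
    int32_t room = (int32_t)MAX_LINE - (int32_t)lb->len;
    size_t take = n < (size_t)room ? n : (size_t)room;
    memcpy(lb->buf + lb->len, in, take);
    lb->len += take;
    if (take < n) lb->truncated = 1;           /* excess dropped and flagged */
    return room;
}

int main(void)
{
    uint8_t seg[40];
    memset(seg, 'A', sizeof seg);              /* constructed input, no newline */
    LineBuf a = {0}, b = {0};
    feed_before(&a, seg, 40);
    feed_after(&b, seg, 40);
    printf("before: room=%d\n", (int)feed_before(&a, seg, 8));
    printf("after:  room=%d\n", (int)feed_after(&b, seg, 8));
    return 0;
}
```
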


Related issues 3 (0 open, 3 closed)

Related to Suricata - Security #5024: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input (Closed, Jason Ish)
Copied to Suricata - Bug #5282: 6.0.x: ftp: don't let first incomplete segment be over maximum length (Closed, Jason Ish)
Copied to Suricata - Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum length (Closed, Jason Ish)

#1

Updated by Jason Ish over 2 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jason Ish
  • Target version changed from TBD to 7.0.0-beta1
  • Affected Versions 6.0.5 added
  • Label Needs backport to 5.0, Needs backport to 6.0 added

#2

Updated by Jason Ish over 2 years ago

  • Related to Security #5024: ftp: GetLine function buffers data indefinitely if 0x0a was not found int the frag'd input added

#3

Updated by Jeff Lucovsky over 2 years ago

  • Copied to Bug #5282: 6.0.x: ftp: don't let first incomplete segment be over maximum length added

#4

Updated by Jeff Lucovsky over 2 years ago

  • Copied to Bug #5283: 5.0.x: ftp: don't let first incomplete segment be over maximum length added

#6

Updated by Jason Ish over 2 years ago

  • Description updated (diff)