Bug #5770

closed

smb: no consistency check between NBSS length and length field for some SMB operations

Added by Philippe Antoine over 1 year ago. Updated about 1 year ago.

Status: Closed
Priority: Normal

Description

For instance, for an SMB2 write request, the Length field indicates the length of the buffer contained in the NBSS record.
But Suricata takes this length into account independently of the NBSS length for the file, and may thus use too many bytes for the file...

See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/e7046961-3318-4350-be2a-a8d69bb59ce8
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/829f93f5-ed10-4f12-8347-42d235019459
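
The consistency check described above, as an added Rust example (not Suricata's own code): it bounds the DataOffset and Length fields of an SMB2 WRITE request by the NBSS record length before any bytes are treated as file data. It assumes a complete, non-compounded client-to-server message; all function, type and constant names are hypothetical, and the sample record is constructed.

```rust
// Added illustration, not Suricata's parser. Assumes one complete, non-compounded
// client-to-server message and a 24-bit NBSS length; all names are hypothetical.
const NBSS_HDR: usize = 4;
const SMB2_HDR: usize = 64;
const WRITE_FIXED: usize = 48; // fixed part of the WRITE body, before Buffer
const CMD_WRITE: u16 = 0x0009;

#[derive(Debug, PartialEq)]
pub enum WriteErr {
    Incomplete,    // fewer bytes buffered than the NBSS header announces
    NotWrite,      // not an SMB2 WRITE request
    BadDataOffset, // DataOffset points into the headers or past the record
    LengthExceedsNbss { declared: usize, available: usize },
}

// Little-endian read of `n` bytes at `off`.
fn le(b: &[u8], off: usize, n: usize) -> usize { b[off..off + n].iter().rev().fold(0usize, |a, &x| (a << 8) | x as usize) }

/// Returns the WRITE payload, bounded by the NBSS record that carries it.
pub fn write_data(stream: &[u8]) -> Result<&[u8], WriteErr> {
    if stream.len() < NBSS_HDR { return Err(WriteErr::Incomplete); }
    let nbss_len = (stream[1] as usize) << 16 | (stream[2] as usize) << 8 | stream[3] as usize;
    // The record ends where NBSS says, even when more stream bytes are buffered.
    let smb = stream.get(NBSS_HDR..NBSS_HDR + nbss_len).ok_or(WriteErr::Incomplete)?;
    if smb.len() < SMB2_HDR + WRITE_FIXED || !smb.starts_with(b"\xfeSMB") || le(smb, 12, 2) != CMD_WRITE as usize {
        return Err(WriteErr::NotWrite);
    }
    let data_off = le(smb, SMB2_HDR + 2, 2); // DataOffset, counted from the SMB2 header
    let declared = le(smb, SMB2_HDR + 4, 4); // Length field of the WRITE request
    if data_off < SMB2_HDR + WRITE_FIXED || data_off > smb.len() { return Err(WriteErr::BadDataOffset); }
    let available = smb.len() - data_off;
    if declared > available { return Err(WriteErr::LengthExceedsNbss { declared, available }); }
    Ok(&smb[data_off..data_off + declared])
}

/// Constructed sample: one WRITE record, then the first bytes of the next record.
pub fn sample(data: &[u8], declared: u32) -> Vec<u8> {
    let mut smb = vec![0u8; SMB2_HDR + WRITE_FIXED];
    smb[..4].copy_from_slice(b"\xfeSMB");
    smb[12..14].copy_from_slice(&CMD_WRITE.to_le_bytes());
    smb[66..68].copy_from_slice(&112u16.to_le_bytes()); // DataOffset = 64 + 48
    smb[68..72].copy_from_slice(&declared.to_le_bytes()); // Length
    smb.extend_from_slice(data);
    let mut out = (smb.len() as u32).to_be_bytes().to_vec(); // 0x00 type + 24-bit length
    out.extend_from_slice(&smb);
    out.extend_from_slice(b"\x00\x00\x00\x04NEXT");
    out
}

fn main() {
    for declared in [4, 12] { println!("{:?}", write_data(&sample(b"AAAA", declared))); }
}
```

In the second sample the Length field announces 12 bytes while the NBSS record holds 4, so the function reports the mismatch instead of reading into the bytes of the following record.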


Subtasks 1 (0 open, 1 closed)

Bug #5899: smb: no consistency check between NBSS length and length field for some SMB operations (6.0.x backport) | Closed | Philippe Antoine

Related issues 2 (1 open, 1 closed)

Related to Suricata - Bug #5786: smb: possible evasion with trailing nbss data | Closed | Philippe Antoine
Blocks Suricata - Feature #4861: smb: support multi-stream file transfers | In Progress | Philippe Antoine