Project

General

Profile

Actions
Copy link

Bug #7254

closed
SB PA

dcerpc: parser does not support multiple PDUs

Bug #7254: dcerpc: parser does not support multiple PDUs

Added by Shivani Bhardwaj over 1 year ago. Updated about 2 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
9.0.0-beta1
Affected Versions:
8.0.0
Effort:
Difficulty:
Label:

Description

dcerpc parser does not support parsing multiple PDUs in the input buffer. It takes the input, parses the first PDU, and if it succeeds, returns ok to the common applayer parser.

The common applayer parser then assumes that the entire data that was sent to the protocol parser was successfully parsed and consumed. It then updates the stream progress to reflect the same.

Subtasks 1 (0 open1 closed)

Bug #8374: dcerpc: parser does not support multiple PDUs (8.0.x backport)ClosedPhilippe AntoineActions

Related issues 5 (0 open5 closed)

Related to Suricata - Optimization #7251: dcerpc: mimic gap behavior if invalid data is sent to protocol parserRejectedActions
Blocked by Suricata - Bug #5133: dcerpc: logs not created after unhandled packet such as auth3ClosedPhilippe AntoineActions
Copied to Suricata - Bug #7546: dcerpc: parser does not take fraglen into accountClosedShivani BhardwajActions
Copied to Suricata - Bug #7547: dcerpc: parser uses only one header for both directionsClosedPhilippe AntoineActions
Copied to Suricata - Bug #7548: dcerpc: avoid integer underflowClosedPhilippe AntoineActions

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #1

  • Copied to Bug #7546: dcerpc: parser does not take fraglen into account added

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #2

  • Copied to Bug #7547: dcerpc: parser uses only one header for both directions added

PA Updated by Philippe Antoine over 1 year ago ยท Edited Actions
Copy link
 #3

  • Subject changed from dcerpc: parser does not support multiple PDUs to dcerpc: event on fraglen < 16

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #4

  • Subject changed from dcerpc: event on fraglen < 16 to dcerpc: parser does not support multiple PDUs

PA Updated by Philippe Antoine over 1 year ago Actions
Copy link
 #5

  • Copied to Bug #7548: dcerpc: avoid integer underflow added

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #6

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

VJ Updated by Victor Julien 12 months ago Actions
Copy link
 #7

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1

PA Updated by Philippe Antoine 10 months ago Actions
Copy link
 #8

  • Affected Versions 8.0.0 added

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #9

  • Status changed from Assigned to In Review
  • Assignee changed from Shivani Bhardwaj to Philippe Antoine
  • Label Needs backport to 8.0 added

OT Updated by OISF Ticketbot 2 months ago Actions
Copy link
 #10

  • Subtask #8374 added

OT Updated by OISF Ticketbot 2 months ago Actions
Copy link
 #11

  • Label deleted (Needs backport to 8.0)

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #12

  • Related to Optimization #7251: dcerpc: mimic gap behavior if invalid data is sent to protocol parser added

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #13

  • Blocked by Bug #5133: dcerpc: logs not created after unhandled packet such as auth3 added

PA Updated by Philippe Antoine 2 months ago Actions
Copy link
 #14

  • Status changed from In Review to Resolved

PA Updated by Philippe Antoine about 2 months ago Actions
Copy link
 #15

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: PDF Atom