Project

General

Profile

Actions
Copy link

Bug #7254

open

dcerpc: parser does not support multiple PDUs

Added by Shivani Bhardwaj 7 months ago. Updated 10 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Shivani Bhardwaj
Target version:
8.0.0-rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

dcerpc parser does not support parsing multiple PDUs in the input buffer. It takes the input, parses the first PDU, and if it succeeds, returns ok to the common applayer parser.

The common applayer parser then assumes that the entire data that was sent to the protocol parser was successfully parsed and consumed. It then updates the stream progress to reflect the same.

Related issues 3 (2 open1 closed)

Copied to Suricata - Bug #7546: dcerpc: parser does not take fraglen into accountNewShivani BhardwajActions
Copied to Suricata - Bug #7547: dcerpc: parser uses only one header for both directionsNewShivani BhardwajActions
Copied to Suricata - Bug #7548: dcerpc: avoid integer underflowClosedPhilippe AntoineActions
Actions
Copy link
 #1

Updated by Philippe Antoine about 2 months ago

  • Copied to Bug #7546: dcerpc: parser does not take fraglen into account added
Actions
Copy link
 #2

Updated by Philippe Antoine about 2 months ago

  • Copied to Bug #7547: dcerpc: parser uses only one header for both directions added
Actions
Copy link
 #3

Updated by Philippe Antoine about 2 months ago ยท Edited

  • Subject changed from dcerpc: parser does not support multiple PDUs to dcerpc: event on fraglen < 16
Actions
Copy link
 #4

Updated by Philippe Antoine about 2 months ago

  • Subject changed from dcerpc: event on fraglen < 16 to dcerpc: parser does not support multiple PDUs
Actions
Copy link
 #5

Updated by Philippe Antoine about 2 months ago

  • Copied to Bug #7548: dcerpc: avoid integer underflow added
Actions
Copy link
 #6

Updated by Victor Julien 10 days ago

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Actions
Copy link

Also available in: Atom PDF