Bug #7254

open

dcerpc: parser does not support multiple PDUs

Added by Shivani Bhardwaj over 1 year ago. Updated 2 days ago.

Status: In Review
Priority: Normal

Description

dcerpc parser does not support parsing multiple PDUs in the input buffer. It takes the input, parses the first PDU, and if it succeeds, returns ok to the common applayer parser.

The common applayer parser then assumes that the entire data that was sent to the protocol parser was successfully parsed and consumed. It then updates the stream progress to reflect the same.
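The difference between the behaviour described above and a parser that walks every PDU, as an added example in Rust (the language of Suricata's dcerpc parser); it is not Suricata's code. The names `parse_first_only`, `parse_all` and `sample_pdu` are hypothetical, the sample bytes are constructed, and the header layout (16-byte connection-oriented common header, `frag_length` at offset 8) is assumed from the DCE/RPC specification rather than taken from this page.

```rust
// Added example, not Suricata's code. Assumed layout: 16-byte DCE/RPC common header.
const HDR_LEN: usize = 16;
#[derive(Debug, PartialEq)]
pub struct Pdu { pub ptype: u8, pub call_id: u32, pub frag_len: usize }

/// Parse one common header; None if the version or frag_length is invalid.
fn parse_header(h: &[u8]) -> Option<Pdu> {
    if h.len() < HDR_LEN || h[0] != 5 { return None; }
    let le = h[4] & 0x10 != 0; // packed_drep: integer byte order
    let frag = if le { u16::from_le_bytes([h[8], h[9]]) } else { u16::from_be_bytes([h[8], h[9]]) };
    let id = [h[12], h[13], h[14], h[15]];
    let call_id = if le { u32::from_le_bytes(id) } else { u32::from_be_bytes(id) };
    if (frag as usize) < HDR_LEN { return None; } // would never advance past the header
    Some(Pdu { ptype: h[2], call_id, frag_len: frag as usize })
}

/// Behaviour described in the issue: one PDU parsed, whole input reported as consumed.
pub fn parse_first_only(buf: &[u8]) -> Result<(Vec<Pdu>, usize), usize> {
    let pdu = parse_header(buf).ok_or(0usize)?;
    Ok((vec![pdu], buf.len()))
}

/// Walk every complete PDU and return the bytes really consumed; Err(offset) = invalid header.
pub fn parse_all(buf: &[u8]) -> Result<(Vec<Pdu>, usize), usize> {
    let (mut pdus, mut off) = (Vec::new(), 0usize);
    while buf.len() - off >= HDR_LEN {
        let pdu = parse_header(&buf[off..]).ok_or(off)?;
        if buf.len() - off < pdu.frag_len { break; } // incomplete PDU: wait for more data
        off += pdu.frag_len;
        pdus.push(pdu);
    }
    Ok((pdus, off))
}

/// Constructed sample PDU: little-endian header, zero-filled body.
pub fn sample_pdu(ptype: u8, call_id: u32, frag_len: u16) -> Vec<u8> {
    let mut v = vec![5, 0, ptype, 0x03, 0x10, 0, 0, 0];
    v.extend_from_slice(&frag_len.to_le_bytes());
    v.extend_from_slice(&[0, 0]); // auth_length
    v.extend_from_slice(&call_id.to_le_bytes());
    v.resize(frag_len as usize, 0);
    v
}

fn main() {
    // Constructed input: bind + request PDUs, then 10 bytes of a third header.
    let buf = [sample_pdu(11, 1, 24), sample_pdu(0, 2, 40), sample_pdu(0, 3, 32)[..10].to_vec()].concat();
    println!("first-only: {:?}\nall: {:?}", parse_first_only(&buf), parse_all(&buf));
}
```

With the first-only variant, the request PDU (call_id 2) and the trailing partial header are reported as consumed without ever being inspected, which is the gap the issue describes.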


Subtasks 1 (1 open, 0 closed)

Bug #8374: dcerpc: parser does not support multiple PDUs (8.0.x backport) (Assigned; Philippe Antoine)

Related issues 5 (2 open, 3 closed)

Related to Suricata - Optimization #7251: dcerpc: mimic gap behavior if invalid data is sent to protocol parser (In Review; Shivani Bhardwaj)
Blocked by Suricata - Bug #5133: dcerpc: logs not created after unhandled packet such as auth3 (In Review; Philippe Antoine)
Copied to Suricata - Bug #7546: dcerpc: parser does not take fraglen into account (Closed; Shivani Bhardwaj)
Copied to Suricata - Bug #7547: dcerpc: parser uses only one header for both directions (Closed; Philippe Antoine)
Copied to Suricata - Bug #7548: dcerpc: avoid integer underflow (Closed; Philippe Antoine)
