Bug #7254 closed
SB
PA
dcerpc: parser does not support multiple PDUs
Added by Shivani Bhardwaj over 1 year ago.
Updated about 2 months ago.
Description
dcerpc parser does not support parsing multiple PDUs in the input buffer. It takes the input, parses the first PDU, and if it succeeds, returns ok to the common applayer parser.
The common applayer parser then assumes that the entire data that was sent to the protocol parser was successfully parsed and consumed. It then updates the stream progress to reflect the same.
Copied to Bug #7546 : dcerpc: parser does not take fraglen into account
Copied to Bug #7547 : dcerpc: parser uses only one header for both directions
Subject changed from dcerpc: parser does not support multiple PDUs to dcerpc: event on fraglen < 16
Subject changed from dcerpc: event on fraglen < 16 to dcerpc: parser does not support multiple PDUs
Copied to Bug #7548 : dcerpc: avoid integer underflow
Target version changed from 8.0.0-beta1 to 8.0.0-rc1
Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Affected Versions 8.0.0 added
Status changed from Assigned to In Review Assignee changed from Shivani Bhardwaj to Philippe Antoine Label Needs backport to 8.0 added
Label deleted (Needs backport to 8.0
Related to Optimization #7251 : dcerpc: mimic gap behavior if invalid data is sent to protocol parser
Blocked by Bug #5133 : dcerpc: logs not created after unhandled packet such as auth3
Status changed from In Review to Resolved
Status changed from Resolved to Closed
Also available in: PDF Atom