5.0.x: ftp: truncate first segment if over max length #7363

jasonish · 2022-05-02T20:06:00Z

The first segment was not limited to the configured maximum line length
allowing it to be up to 65k. This could result in the next input length
being negative, which while handled properly by the code, did trigger a
debug validation assertion.

The fix is to be consistent and apply the limit to the first segment as
well, which does ensure the input_len could never be less than 0.

Issue: https://redmine.openinfosecfoundation.org/issues/5281

(cherry picked from commit 9645285)

suricata-very-pr: 819

The first segment was not limited to the configured maximum line length allowing it to be up to 65k. This could result in the next input length being negative, which while handled properly by the code, did trigger a debug validation assertion. The fix is to be consistent and apply the limit to the first segment as well, which does ensure the input_len could never be less than 0. Ticket OISF#5281 (cherry picked from commit 9645285)

victorjulien · 2022-05-05T05:05:29Z

Merged in #7377, thanks!

jasonish requested a review from a team as a code owner May 2, 2022 20:06

jasonish mentioned this pull request May 2, 2022

ftp: tests for command truncation OISF/suricata-verify#819

Closed

victorjulien mentioned this pull request May 4, 2022

Next/50x/20220504/v4 #7377

Merged

victorjulien closed this May 5, 2022

jasonish deleted the 5.0.x-ticket-5281-ftp/v1 branch May 5, 2022 18:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

5.0.x: ftp: truncate first segment if over max length #7363

5.0.x: ftp: truncate first segment if over max length #7363

jasonish commented May 2, 2022

victorjulien commented May 5, 2022

5.0.x: ftp: truncate first segment if over max length #7363

5.0.x: ftp: truncate first segment if over max length #7363

Conversation

jasonish commented May 2, 2022

victorjulien commented May 5, 2022