aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ssh: avoid quadratic complexity from long banner

Browse Source 
Ticket: 6799

When we find an overlong banner, we get into the state just
waiting for end of line, and we just want to skip the bytes
until then.
Returning AppLayerResult::incomplete made TCP engine retain
the bytes and grow the buffer that we parsed again and again...
pull/10666/head
Philippe Antoine 2 years ago committed by Victor Julien
parent cc3b4b01ec
commit 271ed2008b
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File

4
rust/src/ssh/ssh.rs
Unescape Escape View File

@ -256,7 +256,9 @@ impl SSHState {
return r; return r;
} }
Err(Err::Incomplete(_)) => { Err(Err::Incomplete(_)) => {
return AppLayerResult::incomplete(0_u32, (input.len() + 1) as u32); // we do not need to retain these bytes
// we parsed them, we skip them
return AppLayerResult::ok();
} }
Err(_e) => { Err(_e) => {
SCLogDebug!("SSH invalid banner {}", _e); SCLogDebug!("SSH invalid banner {}", _e);

Write Preview
Loading…
Cancel
Save